When the Create role dialog opens (shown in Figure 3.22), select the AWS service button and highlight the EC2 bar, and click Next: Permissions
When the Attach permissions policies
dialog opens (see Figure 3.23), do not specify a policy; instead, click Next
Use the Review
dialog (see Figure 3.24)
to provide a name and a description; then, click Create role
. The role will be displayed in the role list on the Amazon IAM Roles page. Highlight the role name to review account details (see Figure 3.25).
The Summary tab will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated.
After completing the Create Role
wizard, you must modify the inline policy and trust relationship (defined by the security policy) to allow Ark to use the role. Click the Add inline policy
button to add a security policy.
Copy the permission policy text into
tab (see Figure 3.26). The permission policy required by Ark is available in Section 10.3.
Then, click Review Policy to return to continue to the Review policy page and provide a name for the policy. Then, click the Create policy button to return to the role summary page.
Select the Trust relationships tab, and click the Edit trust relationship button to update the trust relationship assigned to the role (see Figure 3.27). Replace the displayed content of the
document with the content of the file available in Section 10.2.
Please note: EDB-ARK-SERVICE
is a placeholder within the trust policy. You must replace the placeholder with the External ID
provided on the Step 2
tab of the Ark console New User Registration
To retrieve the External ID, open another browser window and navigate
to the Log In
page of your Ark console.
Click the Register button to open the New User Registration dialog (shown in Figure 3.28).
When you've completed Step 1, click Next to open the Step 2 tab. The Step 2 tab of the New User Registration dialog will display a random External ID number. Copy the External ID from the Step 2 dialog into the trust policy, replacing EDB-ARK-SERVICE
. Please note that you must enclose the External ID
in double-quotes ("
). Click the Update Trust Policy button to save your edits and exit the dialog.
Enter your Amazon IAM role ARN in the Role Arn field on the Step 2 dialog, and click Finish
to complete the registration (see Figure 3.30). Select Cancel to exit without completing the registration.
Figure 3.31 - The Login/Register dialog.
Provide the email address in the Email
field, and the associated password in the Password
field, and click Log In
to connect to the Ark management console (shown in Figure 3.32).
Figure 3.32 - The Dashboard tab of the Ark management console.