AWS Identity and Access Management (IAM) is a web service that helps to securely control user access to AWS resources through authentication and authorization. For more information on IAM, refer to Using IAM. An IAM role is required to launch an SBC SWe HA instance in AWS. Only one role needs to be created per account.
The IAM role must be associated with a policy that defines at a minimum the following permissions:
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "ec2:AllocateAddress",
            "ec2:AssignPrivateIpAddresses",
            "ec2:AssociateAddress",
            "ec2:AttachNetworkInterface",
            "ec2:DisassociateAddress",
            "ec2:DescribeInstances",
            "ec2:DescribeNetworkInterfaces"
        ],
        "Resource": "*"
    }
]
To create a Policy and associate it with a Role for SBC, perform the following procedure:
Update the policy statement to include the content below:
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "ec2:AllocateAddress",
            "ec2:AssignPrivateIpAddresses",
            "ec2:AssociateAddress",
            "ec2:AttachNetworkInterface",
            "ec2:DisassociateAddress",
            "ec2:DescribeInstances",
            "ec2:DescribeNetworkInterfaces"
        ],
        "Resource": "*"
    }
]
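The following check is an added example, not part of the original page or the vendor's tooling: it audits a policy document against the seven minimum actions listed above, reporting required actions that are not granted and Allow entries that go beyond the minimum. The names `audit_policy`, `as_list` and `SAMPLE_POLICY` are hypothetical, and the sample policy is constructed for illustration.

```python
import fnmatch
import json

# The seven actions the page lists as the minimum for the SBC SWe HA role.
REQUIRED_ACTIONS = {
    "ec2:AllocateAddress",
    "ec2:AssignPrivateIpAddresses",
    "ec2:AssociateAddress",
    "ec2:AttachNetworkInterface",
    "ec2:DisassociateAddress",
    "ec2:DescribeInstances",
    "ec2:DescribeNetworkInterfaces",
}

# Constructed sample: one required action is missing, one entry is a
# wildcard, and one grants an action the SBC role does not need.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:AllocateAddress", "ec2:AssignPrivateIpAddresses",
               "ec2:AssociateAddress", "ec2:DisassociateAddress",
               "ec2:Describe*", "ec2:TerminateInstances"],
    "Resource": "*",
}]})


def as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Return (missing, extra): required actions not granted, and Allow
    entries that are wildcards or fall outside the required set."""
    policy = json.loads(policy_json)
    allowed = []
    for stmt in as_list(policy.get("Statement")):
        # Only Allow/Action statements are counted; Deny and NotAction
        # statements are skipped and need manual review.
        if stmt.get("Effect") == "Allow":
            allowed.extend(as_list(stmt.get("Action")))

    def grants(pattern, action):
        # IAM action names are case-insensitive and accept * and ?.
        return fnmatch.fnmatchcase(action.lower(), pattern.lower())

    required_lower = {a.lower() for a in REQUIRED_ACTIONS}
    missing = sorted(a for a in REQUIRED_ACTIONS
                     if not any(grants(p, a) for p in allowed))
    extra = sorted({p for p in allowed if p.lower() not in required_lower})
    return missing, extra
```

The check covers actions only; the `"Resource": "*"` scope in the policy is not evaluated.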