AWS Identity and Access Management (IAM) is a web service that helps to securely control user access to AWS resources through authentication and authorization. For more information on IAM, refer to Using IAM. An IAM role to launch SBC SWe HA instance in AWS is required. It is only required to create one role per account.

The IAM role must be associated with a policy that defines at a minimum the following permissions:  


Permissions
"Statement": [
        {
           "Effect": "Allow",
           "Action": [
           "ec2:AllocateAddress",
           "ec2:AssignPrivateIpAddresses",
           "ec2:AssociateAddress",
           "ec2:AttachNetworkInterface",
           "ec2:DisassociateAddress",
           "ec2:DescribeInstances",
           "ec2:DescribeNetworkInterfaces"
             ],
         "Resource": "*"
        }
      ]

To create a Policy and associate it to a Role for SBC, perform the following procedure: 

 

  1. Navigate to IAM Dashboard: https://console.aws.amazon.com/iam/home
  2. Select Policies from the left panel.
    The Policies page displays.


  3. Click Create Policy.
    The Policies page displays.
  4. Click the JSON tab.
    The JSON editor panel appears.

  5. Update the policy statement to include the content below:

    Policy Statement
    "Statement": [
               {
                  "Effect": "Allow",
                  "Action": [
                  "ec2:AllocateAddress",
                  "ec2:AssignPrivateIpAddresses",
                  "ec2:AssociateAddress",
                  "ec2:AttachNetworkInterface",
                  "ec2:DisassociateAddress",
                  "ec2:DescribeInstances",
                  "ec2:DescribeNetworkInterfaces"
                    ],
                "Resource": "*"
               }
             ]
  6. Click Review Policy.
  7. Enter a name for the policy and a description, then click Create Policy. 
    The Create Policy window displays.
  8. The user will get an indication that the policy was created and will return to the policy window.
    The Create Policy Successful window displays.
  9. Click Roles.
    The Roles window displays.
  10. Click on Create Role.
    The Create role window will appear.
  11. Select EC2 as the service that will use this role, then click on Next: Permissions.
    The Attach permissions policies window will appear.
  12. In the search window next to Filter Policies, type the name of the policy you just created, then select it from the list. 
  13. Click on Next: tags.
    The Add tags window appears. 
  14. If desired, enter a tag. Click on Next: Review.
    The Create Role Review page is displayed.
  15. Enter a Role Name and then click Create Role
  16. The Create role window reappears.
  17. You can verify that your role was created by typing the name of the created role in the search area. 


  • No labels