Adding AWS Role Based Access
This document is a guide to allowing Cloudyn role-based access to your AWS accounts.
When you are about to perform an action based on Cloudyn recommendations, such as stopping an instance or deleting a snapshot, it is recommended to use a predefined role. Click the action button in the report; after you confirm the action, a pop-up box will appear. Select “IAM Role” for Access type.
Create new Policy
First, create a policy with the exact permissions needed to perform the delete-a-snapshot action.
- Log in to your AWS console and select “Services” at the top of the screen.
- Select IAM from the list of services.
- Select “Policies” from the left side of the console and then “Create Policy”.
- Select “Create Your Own Policy” and give it a name (for example “CloudynDeleteVolumes”).
- Copy and paste the policy below to create one policy that allows deleting a volume.
Creating a new Role in your account
To enable role-based access, you will need to enter your AWS console and create a Role to be used in Cloudyn. Log in to your AWS console and select “Services” at the top of the screen. Then select IAM from the list of services.
Select “Roles” from the left side of the console and then “Create New Role”.
You will now begin a 5-step process for creating the role:
- Set Role Name - Enter a name for the new role and select “Next Step”.
- Select Role Type
- Select “Role for Cross-Account Access”
- Select “Allows IAM users from a 3rd party AWS account to access this account”
- For “Account ID”, enter 432263259397.
- For “External ID”, enter the external ID from the pop-up box in Cloudyn. It will look something like “Companyname1234567890123”.
- Leave the “Require MFA” box unchecked and select “Next Step”.
You will now see a list of your Roles. Select the role you just created and copy the Role ARN. Now return to the Cloudyn pop-up box and paste the Role ARN. Select “Save” at the bottom of the Cloudyn pop-up box and you are finished.
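To confirm that the role created by the steps above trusts only the Cloudyn account and enforces the external ID, you can check its trust policy. The following is an added example, not part of the original guide or Cloudyn's own tooling; the function names and the sample trust policy are constructed for illustration, and the external ID is the sample value shown above.

```python
import json

CLOUDYN_ACCOUNT_ID = "432263259397"        # account ID entered in the role wizard
EXTERNAL_ID = "Companyname1234567890123"   # sample value in the format the guide shows

# Constructed sample of the trust policy a third-party cross-account role carries.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{CLOUDYN_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Extract the account ID from an IAM ARN; bare IDs and '*' pass through."""
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def audit_trust_policy(policy_json, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        trusted = [principal] if isinstance(principal, str) else _as_list(principal.get("AWS", []))
        for p in trusted:
            if _account_of(p) != account_id:
                findings.append(f"statement {i}: unexpected trusted principal {p}")
        if not trusted:
            findings.append(f"statement {i}: no AWS account principal")
        # IAM condition keys are case-insensitive, so compare them lowercased.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, v in equals.items() if k.lower() == "sts:externalid"]
        if not ids:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(ids[0]) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId does not match")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY, CLOUDYN_ACCOUNT_ID, EXTERNAL_ID) or "trust policy OK")
```

The policy JSON to check is the one shown on the role's “Trust Relationships” tab in the IAM console; pass it in place of the constructed sample, together with the external ID from your own Cloudyn pop-up box.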