AWS Actions - Delete Disks

Adding AWS Role Based Access

This document is a guide of how to allow Cloudyn Role based access to your AWS accounts.

When you are about to perform an action based on Cloudyn recommendations like stopping an instance or deleting a snapshot it is recommended to use a predefined role. Click the action button in the report, after confirming the action a pop up box below will appear. Select “IAM Role” for Access type.

 

Create new Policy

First you will have to create a policy with the exact permissions needed to perform the delete a snapshot action.

 

  1. Login to your AWS console and select “Services” at the top of the screen.
  2. Select IAM from the list of services. 
  3. Select “Policies” from the left side of the console and then “Create Policy”.
  4. Select “Create Your Own Policy”, give it a name (for example “CloudynDeleteVolumes”) 
  5. Copy and paste the policy below for creating one policy that allows deleting a volume.

 

 

 

{
   "Version": "2012-10-17",
    "Statement": [
     {
       "Sid": "CloudynDeleteVolume",
       "Effect": "Allow",
       "Action": [
        "ec2:DeleteVolume"
       ],
       "Resource": [
        "*"
       ]
     }
   ]
}

 

Creating a new Role in your account

To enable role based access, you will need to enter your AWS console and create a Role to be used in Cloudyn. Login to your AWS console and select “Services” at the top of the screen. Then select IAM from the list of services.

Select “Roles” from the left side of the console and then “Create New Role”.

You will now begin a 5 step process for creating the role:

 

  1. Set Role Name - Enter a name for the new role and select “Next Step”
  2. Select Role Type

    • Select “Role for Cross-Account Access”
    • Select “Allows IAM users from a 3rd party AWS account to access this account”

  3. Establish Trust - Enter the following values:
    • “Account ID” enter 432263259397
    • “External ID” enter the external ID from the pop-up box in Cloudyn. It will look something like “Companyname1234567890123”.
    • Leave the “Require FMA” box unchecked and select “Next Step”
  4. Attach Policy - Select the policy you created in the previous section from the list of the policies and select “Next Step” (There are many policies to choose from so try entering policy name in the filter and it will appear near the bottom of the results)
  5. Review - Look over your selections. If all looks in order, select “Create Role”.

 

 

You will now see a list of your Roles. Select the role you just created and copy the Role ARN. Now return to the Cloudyn pop-up box and paste the Role ARN. Select “Save” at the bottom of the Cloudyn pop-up box and you are finished.