Product Documentation and Knowledge Base - HomeDocumentation


Charon-SSP


Creating and Attaching an AWS IAM Role

The Charon-SSP VE License Server on AWS requires that an IAM role that allows at least the ListUsers action is attached to the instance. This section provides an overview of how to create such a role if required. Please refer to the AWS documentation for details.

The basic steps to create and attach a new IAM role definition are the following:

  1. Go to the IAM service section.
  2. Define a policy with the required permission if it does not already exist.
  3. Define a role including the policy with the required permissions.
  4. Attach the new IAM role to your instance during instance creation or to an existing instance.

These steps are described in more detail below.


Step 1: Go to the IAM service section:

Open the services overview and search for IAM or open it from the Recently Visited list:

This will open the IAM dashboard.


Step 2: Define a policy with the required permissions (if it does not already exist):

Select Policies in the IAM dashboard:


This will open a list of existing policies. If the required policy does not already exist, click on Create policy to create a new one as shown below:


The Create policy window opens.

  • At the top of the page click on Choose a service and select IAM.
  • Use the filter field to search for the list options.
  • Select the ListUsers option.

At the bottom of the page click on Review policy.

The review page opens:

Add a name for the policy and click on Create policy at the bottom of the page.


Step 3: Define a role including the policy with the required permissions:

Select Roles on the sidebar of the IAM service section (for example on the IAM dashboard):

This will open a list of existing roles. To create a new role, click on Create role.


The Create role window opens. Select

  • the AWS service, and
  • the EC2 use case.

Then click on Next: Permissions at the bottom of the window.


The permissions window opens and allows you to select the appropriate policy. Use the filter field to find your policy and select it.


Click on Next: Tags and optionally add tags to your rule. Then click on Next: Review to open the review window. Assign a name to your new role as shown in the sample below:

Then click on Create role at the bottom of the window to complete the creation of your role.

The sample below shows the JSON code created for the rule:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:ListUsers",
            "Resource": "*"
        }
    ]
}

Step 4: Attach the new IAM role to your instance during instance creation or to an existing instance.

To attach the role to an instance during instance creation, use the IAM role option in the Configure Instance Details window, as shown in the sample below.

Alternatively, the role can be set/changed by selecting the instance, right-clicking on it, and selecting Security > Modify IAM Role (in the older AWS console, use the Action menu). Please note that if the instance is stopped, you have to detach an existing role before you can add a new one. On a running instance, you can replace the existing role without removing it first. If you replace an existing IAM role, ensure that this will not impact other functionality of your instance.






© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.