An IAM role is an IAM identity that you can create in your account that and has specific permissions. An IAM role is similar to an IAM user, and it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. You must configure the Principal and External ID that for the Cloud Services Infoblox Portal to interact with AWS.
...
Create a Role (AssumeRole).
Select AWS Account: Another AWS account.
Select AWS Account - Enter Principal ID as shown in CSPthe Infoblox Portal.
Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.
Enter the External ID as shown in CSP.
Permissions:
Attach the policy as specified in the section Permissions required in AWS R53.
Attach AWSOrganizationsReadOnlyAccess AWSOrganizationsReadOnlyAccess to discover accounts.
Tags: This is optional. Provide some meaningful tags.
Role Name: Specify the role name as infoblox_discovery.
Click Create Role.
...
Create Role (AssumeRole)
In Select type of trusted entity, configure the following:
Select AWS Account:Select Another AWS account.
Enter the Principal ID as shown in CSPInfoblox Portal.
Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.
Enter the External ID as shown in CSP
Permissions: Configure the following permissions:
Attach Policy: Attach the policy as specified in the section Permissions required in AWS R53.
Tags: This is optional. Provide some meaningful tags.
Role Name: Specify the name of the IAM role you have created above (infoblox_discovery).
Click Create Role.