This page describes how to configure the IAM role using the Principal ID and External ID that are available in the CSP.

Configuring IAM Role

  1. Create a Role (AssumeRole).

    1. Select AWS Account: Another AWS account.

    2. Select AWS Account - Enter Principal ID as shown in CSP.

    3. Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.

    4. Enter the External ID as shown in CSP.

    5. Permissions:

      1. Attach the policy as specified in the section Permissions required in AWS R53.

      2. Attach AWSOrganizationsReadOnlyAccess to discover accounts.

      3. Attach the policy created in Step 1.

    6. Tags: This is optional. Provide some meaningful tags.

    7. Role Name: Specify the role name as infoblox_discovery.

    8. Click Create Role.

Configuration in AWS Sub-accounts

  1. Create Role (AssumeRole).

    1. In Select type of trusted entity, configure the following:

      1. Select AWS Account: Select Another AWS account.

      2. Enter the Principal ID as shown in CSP.

      3. Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.

      4. Enter the External ID as shown in CSP.

    2. Permissions: Configure the following permissions:

      1. Attach Policy: Attach the policy that has permissions required for R53 sync (R53ReadWrite access).

      2. Tags: This is optional. Provide some meaningful tags.

      3. Role Name: Specify the same name as provided in step 3.d.

      4. Click Create Role.
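Selecting Another AWS account with Require external ID, as in both procedures above, produces a role trust policy that names the third-party principal and adds an `sts:ExternalId` condition. The following check is an added example, not Infoblox or AWS code: it audits a trust policy document for exactly that shape. It assumes the Principal ID shown in CSP is an AWS account ID; the account ID, external ID and function names are constructed placeholders.

```python
# Constructed placeholders: the real Principal ID and External ID come from the CSP.
PRINCIPAL_ACCOUNT = "111122223333"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

def _as_list(value):
    """IAM policy fields accept either a single value or a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_account, expected_external_id):
    """Return a list of findings; an empty list means the trust policy is as expected."""
    findings, matched = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal can assume the role")
            continue
        for arn in _as_list(principal.get("AWS", [])):
            # Account principals appear as a bare ID or as arn:aws:iam::<id>:root.
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account != expected_account:
                findings.append(f"unexpected principal {arn}")
                continue
            matched = True
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if _as_list(cond.get("sts:ExternalId", [])) != [expected_external_id]:
                findings.append(f"{arn} trusted without the expected sts:ExternalId")
    if not matched:
        findings.append("expected principal is not trusted")
    return findings

def trust_policy(with_external_id):
    """Build a constructed sample trust policy, with or without the external ID condition."""
    stmt = {"Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{PRINCIPAL_ACCOUNT}:root"},
            "Action": "sts:AssumeRole"}
    if with_external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

if __name__ == "__main__":
    for label, doc in (("external ID required", trust_policy(True)),
                       ("no external ID", trust_policy(False))):
        result = audit_trust_policy(doc, PRINCIPAL_ACCOUNT, EXTERNAL_ID)
        print(label, "->", result or "OK")
```

To audit a real role, pass in the JSON returned by `aws iam get-role --role-name infoblox_discovery --query Role.AssumeRolePolicyDocument`, together with the values shown in CSP.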
