Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, and it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. You must configure the Principal and External ID that for the Cloud Services Portal to interact with AWS.

Configuring IAM Role

  1. Create a Role (AssumeRole).

    1. Select AWS Account: Another AWS account.

    2. Select AWS Account - Enter Principal ID as shown in CSP.

    3. Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.

    4.  Enter the External ID as shown in CSP.

    5. Permissions:

      1. Attach the policy as specified in the section Permissions required in AWS R53.

      2. Attach AWSOrganizationsReadOnlyAccess to discover accounts.

      3. Attach policy created in the Step 1 

    6. Tags: This is optional. Provide some meaningful tags.

    7. Role Name: Specify the role name as infoblox_discovery

    8. Click Create Role

Configuration in AWS Sub-accounts

  1. Create Role  (AssumeRole)

    1. In Select type of trusted entity, configure the following:

      1. Select AWS Account: Select Another AWS account.

      2. Enter the Principal ID as shown in CSP.

      3. Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.

      4. Enter the External ID as shown in CSP

    2. Permissions: Configure the following permissions:

      1. Attach Policy: Attach the policy that has permissions required for R53 sync (R53ReadWrite access).

      2. Tags: This is optional. Provide some meaningful tags.

      3. Role Name: Specify the name of the IAM role you have created.

      4. Click Create Role.

  • No labels