
Configure the Principal and External ID

An IAM role is an IAM identity that you create in your account and that has specific permissions. Like an IAM user, it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. You must configure the Principal and External ID for the Infoblox Portal to interact with AWS.

Configuring IAM Role

  1. Create a Role (AssumeRole).

    1. Select AWS Account: Another AWS account.

    2. Select AWS Account: Enter the Principal ID as shown in the Infoblox Portal.

    3. Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.

    4. Enter the External ID as shown in CSP.

    5. Permissions:

      1. Attach the policy as specified in the section .

      2. Attach AWSOrganizationsReadOnlyAccess to discover accounts.

    6. Tags: This is optional. Provide some meaningful tags.

    7. Role Name: Specify the role name as infoblox_discovery. 

    8. Click Create Role. 

Configuration in AWS Sub-accounts

  1. Create a Role (AssumeRole).

    1. In Select type of trusted entity, configure the following:

      1. Select AWS Account: Select Another AWS account.

      2. Enter the Principal ID as shown in Infoblox Portal.

      3. Select the checkbox Require external ID under Options. This is a best practice when a third party will assume this role.

      4. Enter the External ID as shown in CSP.

    2. Permissions: Configure the following permissions:

      1. Attach Policy: Attach the policy as specified in the section .

      2. Tags: This is optional. Provide some meaningful tags.

      3. Role Name: Specify the name of the IAM role you have created above (infoblox_discovery).

      4. Click Create Role.
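
Both procedures above produce a role trust policy that names the principal account and requires an `sts:ExternalId` condition. The following added example (not Infoblox code) audits such a policy document offline; the account ID, external ID and the function name `audit_trust_policy` are placeholders and assumptions, not values from the Infoblox Portal.

```python
import json

# Constructed sample of the trust policy that results from choosing "Another
# AWS account" and "Require external ID". Both IDs are placeholders.
SAMPLE_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")

def as_list(value):
    """IAM accepts either a single value or a list in these fields."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    expected = {account_id, f"arn:aws:iam::{account_id}:root"}
    findings, trusted = [], False
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        assume = {"sts:AssumeRole", "sts:*", "*"} & set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not assume:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if not aws:
            continue  # service or federated principals are out of scope here
        for p in aws:
            if p == "*":
                findings.append(f"statement {n}: wildcard principal")
            elif p not in expected:
                findings.append(f"statement {n}: unexpected principal {p}")
            else:
                trusted = True
        # Key spelled as the console writes it; only StringEquals is accepted.
        got = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if got is None:
            findings.append(f"statement {n}: no sts:ExternalId condition")
        elif as_list(got) != [external_id]:
            findings.append(f"statement {n}: external ID does not match")
    if not trusted:
        findings.append("expected principal is not trusted by any statement")
    return findings
```

Run it against the trust policy JSON copied from the role's Trust relationships tab, in the main account and in each sub-account.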