
Configuring the IAM User

An IAM user is an entity that represents a person or application that interacts with AWS. It has specific credentials and permissions attached to it, like roles, to control access.

Configuring Assume Role Policy

To include an AWS sub-account in the Route53 sync, the AWS Role ARN is a mandatory parameter. The credentials and the role ARN require AssumeRole permissions.

Complete the following steps to configure a role in AWS:

  1. Complete the following steps to create an IAM case:

    • Create a policy with the following settings: 

      • Choose service: Choose STS.

      • Actions: Choose AssumeRole (Write Access).

      • Resources: Configure the following: 

        • Add ARN:

          • Choose any account.

          • Specify the Role Name. 

      • Add and Review Policy. 

      • Specify a Name. 

      • Create Policy

 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "sts:AssumeRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/demorole"
            ]
        }
    ]
}

 

  2. Create a user and attach the policy to the user. 

  3. Create a Role (AssumeRole).

    1. Select AWS Account: This account

    2. Permissions

      1. Attach the policy as specified in the section .

      2. Attach AWSOrganizationsReadOnlyAccess to discover accounts.

    3. Tags: This is optional. Provide some meaningful tags.

    4. Role Name: Specify a name for the role.

    5. Click Create Role.

Configuration in AWS sub-accounts

The steps in this section are required to be configured on the Trusting/Sub-account.

To create a role with proper permissions, complete the following steps for IAM Create Role (AssumeRole):

  1. In Select type of trusted entity, configure the following:

    1. Select AWS Account: Select Another AWS account.

    2. Provide the Account ID of the Trusted/Management account.

  2. Permissions: Configure the following permissions:

    1. Attach Policy: Attach the policy as specified in the section .

  3. Tags: This is optional. Provide some meaningful tags.

  4. Role Name: Specify the IAM role that you just created.

  5. Click Create Role.
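The two policy documents this procedure produces can be generated and checked offline. This is an added example, not part of the original page or the vendor's tooling: it builds the trust policy that selecting "Another AWS account" creates on the sub-account role, and flags the wildcard account ID that "Choose any account" puts in the user's sts:AssumeRole policy, with an explicitly scoped alternative. The account IDs and all function names are constructed assumptions.

```python
import json
import re

# Constructed placeholder account IDs (assumptions); "demorole" is the role name in the page's policy.
MANAGEMENT_ACCOUNT_ID = "111111111111"
SUB_ACCOUNT_IDS = ["222222222222", "333333333333"]
ROLE_NAME = "demorole"
# The identity policy as shown on the page.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Action": ["sts:AssumeRole"],
    "Resource": ["arn:aws:iam::*:role/demorole"]}]}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def sub_account_trust_policy(management_account_id):
    """Trust policy on the sub-account role: only the management account may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{management_account_id}:root"},
        "Action": "sts:AssumeRole"}]}

def scoped_identity_policy(sub_account_ids, role_name):
    """Identity policy for the IAM user that names each sub-account role explicitly."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["sts:AssumeRole"],
        "Resource": [f"arn:aws:iam::{a}:role/{role_name}" for a in sub_account_ids]}]}

def wildcard_assume_role_resources(policy):
    """Return allowed sts:AssumeRole resources whose account ID or role name is a wildcard."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        for res in as_list(stmt.get("Resource", [])):
            m = re.fullmatch(r"arn:aws:iam::([^:]*):role/(.+)", res)
            if res == "*" or (m and re.search(r"[*?]", m.group(1) + m.group(2))):
                findings.append(res)
    return findings

if __name__ == "__main__":
    print("Wildcard resources in page policy:", wildcard_assume_role_resources(PAGE_POLICY))
    print(json.dumps(scoped_identity_policy(SUB_ACCOUNT_IDS, ROLE_NAME), indent=4))
    print(json.dumps(sub_account_trust_policy(MANAGEMENT_ACCOUNT_ID), indent=4))
```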