Creating IAM Roles on AWS

Here is an example of how to set up IAM roles on AWS Management Console.

1. Navigate to the IAM service on AWS Management Console.

2. Create a new IAM policy:

   • Click Create Policy in the IAM policy menu.
     • 
   • Open the JSON tab and paste the following policy. Click Review Policy.

     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": [
                     "ses:DescribeActiveReceiptRuleSet",
                     "athena:GetWorkGroup",
                     "logs:DescribeLogGroups",
                     "logs:DescribeMetricFilters",
                     "elastictranscoder:ListPipelines",
                     "elasticfilesystem:DescribeFileSystems",
                     "servicequotas:ListServiceQuotas"
                 ],
                 "Resource": "*"
             }
         ]
     }
     

     • 
   • Enter RISKEN in the name field and click Create Policy.
     • 

3. Create a new IAM role:

   • Click Create Role in the IAM role menu.
     • 
   • Select AWS account for Select type of trusted entity and enter the following:
     • AWS account: Another AWS account
     • Account ID: You need to register the AWS account ID for RISKEN as a trusted entity.
     AWS account ID

     Please contact your system administrator for the AWS account ID in the RISKEN environment.

     • External ID:

       {External ID generated earlier}
       

     • 
     • Click Next: Permissions.
   • On the Permissions screen, search for and check the following two policies, then click Next: Tags:
     • RISKEN (the policy created earlier)
     • SecurityAudit (the management policy)
   • Click Next: Tags.
   • On the Review screen, enter RISKEN in the Role name field and click Create Role.
     •