Creating IAM Roles on AWS
Here is an example of how to set up IAM roles on AWS Management Console.
- Navigate to the `IAM` service on AWS Management Console.
- Create a new IAM policy:
    - Click `Create Policy` in the IAM policy menu.
    - Open the `JSON` tab and paste the following policy. Click `Review Policy`.

      ```json
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ses:DescribeActiveReceiptRuleSet",
              "athena:GetWorkGroup",
              "logs:DescribeLogGroups",
              "logs:DescribeMetricFilters",
              "elastictranscoder:ListPipelines",
              "elasticfilesystem:DescribeFileSystems",
              "servicequotas:ListServiceQuotas"
            ],
            "Resource": "*"
          }
        ]
      }
      ```

    - Enter `RISKEN` in the name field and click `Create Policy`.
- Create a new IAM role:
    - Click `Create Role` in the IAM role menu.
    - Select `AWS account` for `Select type of trusted entity` and enter the following:
        - AWS account: Another AWS account
        - Account ID: You need to register the AWS account ID for RISKEN as a trusted entity.
          AWS account ID: Please contact your system administrator for the AWS account ID in the RISKEN environment.
        - External ID: `{External ID generated earlier}`
    - Click `Next: Permissions`.
    - On the Permissions screen, search for and check the following two policies, then click `Next: Tags`:
        - `RISKEN` (the policy created earlier)
        - `SecurityAudit` (the management policy)
    - Click `Next: Tags`.
    - On the Review screen, enter `RISKEN` in the Role name field and click `Create Role`.
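The role-creation steps above produce a trust policy that names the RISKEN account and requires the External ID. The following is an added example, not part of the RISKEN documentation, that builds that trust policy and audits one for deviations. The account ID, External ID value and function names are constructed placeholders.

```python
import json

# Constructed placeholders: the real RISKEN account ID comes from your system
# administrator and the External ID is the one generated earlier.
RISKEN_ACCOUNT_ID = "123456789012"
EXTERNAL_ID = "example-external-id"

def build_trust_policy(account_id, external_id):
    """Trust policy matching 'Another AWS account' plus an External ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, account_id, external_id):
    """Return findings; an empty list means the trust matches the procedure."""
    findings = []
    allowed = {f"arn:aws:iam::{account_id}:root", account_id}
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append("principal is not restricted to AWS accounts")
        else:
            for arn in as_list(principal["AWS"]):
                if arn not in allowed:
                    findings.append(f"unexpected principal: {arn}")
        # The External ID condition guards against the confused-deputy problem.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append("sts:ExternalId condition missing or different")
    return findings

if __name__ == "__main__":
    policy = build_trust_policy(RISKEN_ACCOUNT_ID, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, RISKEN_ACCOUNT_ID, EXTERNAL_ID))
```

To audit the role after creating it, pass the `AssumeRolePolicyDocument` returned by `aws iam get-role --role-name RISKEN` to `audit_trust_policy`.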