Creating the IAM Role for SoftNAS Cloud®
Creating an IAM Role to govern user access before creating your SoftNAS Cloud® instance is a recommended best practice, rather than specifying an IAM User. The IAM Role provides a more secure environment.
Creating the IAM Role Policy.
SoftNAS recommends the use of a custom policy for IAM role configuration. This custom policy should be created prior to the role itself. Open the Identity and Access Management Console to begin.
1. To create the custom policy, click Policies from within the navigation pane.
2. Select Create Policy.
3. Select Create Your Own Policy.
4. Provide a Policy Name, and copy the policy below into the Policy Document box. You can also provide a Policy Description in order to help differentiate this policy from others that may be similar. It is always a good idea to validate your policy before creating it. Click Create Policy.
IAM Role Policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1444200186000",
            "Effect": "Allow",
            "Action": [
                "ec2:ModifyInstanceAttribute",
                "ec2:DescribeInstances",
                "ec2:CreateVolume",
                "ec2:DeleteVolume",
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot",
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:AttachVolume",
                "ec2:DetachVolume",
                "ec2:DescribeVolumes",
                "ec2:DescribeSnapshots",
                "aws-marketplace:MeterUsage",
                "ec2:DescribeRouteTables",
                "ec2:DescribeAddresses",
                "ec2:DescribeTags",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:ReplaceRoute",
                "ec2:CreateRoute",
                "ec2:DeleteRoute",
                "ec2:AssociateAddress",
                "ec2:DisassociateAddress",
                "s3:CreateBucket",
                "s3:Delete*",
                "s3:Get*",
                "s3:List*",
                "s3:Put*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
Note: S3-BUCKET1 & S3-BUCKETZ are the buckets you create while using Amazon Cloud Disk Extenders. You can learn more about how to create these buckets in Adding Cloud Disk Extenders.
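A local pre-check for a policy document before it is pasted into the Policy Document box, as an added example (not SoftNAS code): audit_policy flags repeated actions and wildcard actions granted on Resource "*", and scope_s3 moves the S3 actions into their own statement limited to named buckets. The function names, the shortened sample policy and the bucket name are assumptions made for the illustration, and whether SoftNAS Cloud operates correctly with S3 access narrowed this way is untested here.

```python
import json

# Constructed excerpt with the same shape as the policy above (fewer actions).
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "Stmt1444200186000", "Effect": "Allow", "Resource": ["*"],
  "Action": ["ec2:DescribeInstances", "ec2:CreateVolume", "ec2:DescribeInstances",
             "s3:CreateBucket", "s3:Delete*", "s3:Get*", "s3:List*", "s3:Put*"]}]}"""

def as_list(value):
    """IAM accepts one item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_policy(text):
    """Return (sid, issue, action) tuples for every Allow statement."""
    findings = []
    for stmt in as_list(json.loads(text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid, seen = stmt.get("Sid", "<no Sid>"), set()
        actions = as_list(stmt.get("Action", []))
        for action in actions:
            if action.lower() in seen:  # action names are case-insensitive
                findings.append((sid, "duplicate", action))
            seen.add(action.lower())
        if "*" in as_list(stmt.get("Resource", [])):
            findings += [(sid, "wildcard-on-all-resources", a)
                         for a in sorted(set(actions)) if "*" in a]
    return findings

def scope_s3(text, buckets):
    """Split s3 actions out of Allow/'*' statements and limit them to `buckets`.
    Assumption (hypothetical helper): the product tolerates the narrower grant."""
    doc = json.loads(text)
    arns = [arn for b in buckets for arn in (f"arn:aws:s3:::{b}", f"arn:aws:s3:::{b}/*")]
    out = []
    for stmt in as_list(doc["Statement"]):
        actions = list(dict.fromkeys(as_list(stmt.get("Action", []))))  # drop repeats
        s3 = [a for a in actions if a.lower().startswith("s3:")]
        if not s3 or stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            out.append(stmt)  # nothing to narrow in this statement
            continue
        if len(s3) < len(actions):  # keep the non-S3 actions where they were
            out.append({**stmt, "Action": [a for a in actions if a not in s3]})
        out.append({"Sid": f"S3Scoped{len(out)}", "Effect": "Allow",
                    "Action": s3, "Resource": arns})
    doc["Statement"] = out
    return doc
```

Narrowing s3:List* to bucket ARNs drops account-wide bucket listing (s3:ListAllMyBuckets), so exercise the Cloud Disk Extender workflow against the scoped policy before relying on it.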
Creating the IAM Role.
Having created the IAM Role policy, you can now create the role and assign the policy.
1. Still within the IAM Console, from the navigation pane, click Roles, and then click Create New Role.
2. On the Set Role Name page, enter the name for the role as SoftNAS_DISK_IAM for disk access and click Next Step.
Critical: Use only this role name, and remember that this string is case sensitive.
4. On the Select Role Type page, click Select next to Amazon EC2.
5. On the Attach Policy page, select the SoftNAS IAM Policy created earlier and click Next Step. (If you cannot find the policy in question, change the policy type to Customer Managed Policy.)
6. Review the policy settings and click Create Role.