Setting EC2 Instance Permissions in AWS
For installation of the ZCA to succeed in AWS, the permission level of the VM running the ZCA must be set using IAM Roles.
To set mandatory permissions in IAM Role:
1. In the AWS Management Console, navigate to All Services – Security Identity and Compliance and click IAM Role.
4. In the navigation pane of the console, choose Roles and then click Create Role.
   The Create Role window appears.
5. Select AWS Service as the type of trusted entity.
6. Select EC2 as the service that will use the IAM Role.
7. Click Next: Permissions.
   The Permissions tab opens.
   Permissions for IAM roles can be specified by creating a policy in JSON format. To copy the full list of permissions into the JSON editor tab, refer to Minimum Required AWS Permissions.
8. Click Create Policy to attach a permission policy to the role.
   The Create Policy window appears.
   The Review Policy window opens.
10. Type a name and description for the policy and click Create Policy.
11. Choose Next: Tags (optional) or skip to reviewing the Role. Click Next: Review to review the Role.
12. Type a role name or a role name suffix. (Optional) Type a description for the new role.
13. Review the role and then select Create Role. This is the Role that will be attached to the new or existing ZCA VM.
To attach an IAM Role to a new Instance:
2. Navigate to Launch Instance.
3. In the Configure Instance Details step, click Create new IAM Role.
4. Follow the steps above and then proceed to install or upgrade the ZCA for AWS environments.
To attach an IAM Role to an existing Instance:
2. Navigate to the existing Instance and right click to get a list of Actions.
3. Click Instance Settings -> Attach/Replace IAM Role.
4. Select the IAM role to attach to your Instance, and choose Apply.
5. Now proceed to install or upgrade the ZCA for AWS environments.
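The role creation and the attach-to-existing-instance procedures above can also be done with the AWS CLI. The script below is an added example, not part of the vendor documentation: the role name, policy name, and policy file name are placeholders, and the permission policy JSON is assumed to have been saved from Minimum Required AWS Permissions. Unlike the console, the CLI does not create the instance profile for you, so the script does it explicitly.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of the console steps for the ZCA role.
# All names below are placeholders (assumptions), not values from the ZCA docs.
ROLE_NAME="${ROLE_NAME:-zca-ec2-role}"
POLICY_NAME="${POLICY_NAME:-zca-min-permissions}"
POLICY_FILE="${POLICY_FILE:-zca-policy.json}"  # saved from "Minimum Required AWS Permissions"

# Trust policy for "AWS Service" + "EC2" as the trusted entity:
# only the EC2 service is allowed to assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ec2.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Create the role, attach the permission policy, and wrap it in an instance profile.
create_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)" >/dev/null
  policy_arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "file://$POLICY_FILE" \
    --query 'Policy.Arn' --output text)
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$policy_arn"
  # The console creates the instance profile implicitly; the CLI does not.
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" >/dev/null
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
}

# Attach the instance profile to an existing instance (argument: instance ID).
attach_to_instance() {
  aws ec2 associate-iam-instance-profile --instance-id "$1" \
    --iam-instance-profile "Name=$ROLE_NAME"
}

# Nothing runs unless a subcommand is given: "create" or "attach <instance-id>".
case "${1:-}" in
  create) set -e; create_role ;;
  attach) set -e; attach_to_instance "${2:?instance id required}" ;;
esac
```

Run it with `create` first, then `attach <instance-id>` for the existing ZCA VM.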