Setting EC2 Instance Permissions in AWS

For installation of the ZCA to succeed in AWS, the permission level of the VM running the ZCA must be set using IAM Roles.

To set mandatory permissions in IAM Role:

1. In the AWS Management Console, navigate to All ServicesSecurity Identity and Compliance and click IAM Role.
2. If you already have a VM with ZCA, proceed with In the navigation pane of the console, choose Roles and then click Create Role.
3. If you do not have a VM with ZCA, see Requirements for AWS Environments in Zerto - Prerequisites & Requirements for Amazon Web Services (AWS).
4. In the navigation pane of the console, choose Roles and then click Create Role.

The Create Role window appears.

5. Select AWS Service as the type of trusted entity.

6. Select EC2 as the service that will use the IAM Role.

7. Click Next: Permissions.

The Permissions tab opens.

Permissions for IAM roles can be specified by creating a policy in JSON format. To copy the full list of permissions into the JSON editor tab, refer to Minimum Required AWS Permissions.

8. Click Create Policy to attach a permission policy to the role.

The Create Policy window appears.

9. Navigate to the JSON editor tab. Paste the set of minimum permissions provided in Minimum Required AWS Permissions. Then, click Review Policy.

The Review Policy window opens.

10. Type a name and description for the policy and click Create Policy.

11. Choose Next: Tags (optional) or skip to reviewing the Role. Click Next: Review to review the Role.
12. Type a role name or a role name suffix. (Optional) Type a description for the new role.

13. Review the role and then select Create Role. This is the Role that will be attached to the new or existing ZCA VM.

To attach an IAM Role to a new Instance:

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. Navigate to Launch Instance.
3. In the Configure Instance Details step, click Create new IAM Role.

4. Follow the steps above and then proceed to install or upgrade the ZCA for AWS environments.

To attach an IAM Role to an existing Instance:

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. Navigate to the existing Instance and right click to get a list of Actions.
3. Click Instance Settings -> Attach/Replace IAM Role.

4. Select the IAM role to attach to your Instance, and choose Apply.
5. Now proceed to install or upgrade the ZCA for AWS environments.