Configure the EC2 IAM role details before you configure the storage library to use AWS STS Assume Role with IAM Role Policy authentication.
Procedure
- Create an EC2 role (for example, DemoEC2Role) with an STS policy that allows AssumeRole. (Sample JSON file.)

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "*"
        }
      ]
    }
- Create an S3 role (for example, DemoS3Role) with an S3 policy that grants the permissions shown in the following example. (Sample JSON file.)

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:ListAllMyBuckets",
            "s3:RestoreObject",
            "s3:ListBucket",
            "s3:PutObjectTagging",
            "s3:PutObjectRetention",
            "s3:DeleteObject",
            "s3:GetBucketLocation"
          ],
          "Resource": "*"
        }
      ]
    }
- On the Trust Relationship tab of the S3 role, click Edit Trust relationship and provide the EC2 role ARN as follows. (Sample JSON file.)

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::xxxxxxxxxxx:role/DemoEC2Role"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
- Attach the EC2 role (for example, DemoEC2Role) to the EC2 instance.
- Copy the S3 role ARN and provide this role as the arn input during library configuration. For example:

    arn:aws:iam::xxxxxxxxxxx:role/DemoS3Role
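The two halves of this role chain (the EC2 role's sts:AssumeRole permission and the S3 role's trust relationship) can be checked against each other before the library is configured. The following is an added example, not part of the original procedure or of any vendor tooling: the account ID, the function names and the scoped policy variant are assumptions constructed for illustration. It also reports when the sts:AssumeRole permission is a wildcard rather than the single S3 role ARN.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder, not a real account
EC2_ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/DemoEC2Role"
S3_ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/DemoS3Role"

def as_list(value):
    """IAM accepts either one string or a list for Action, Resource and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allow_statements(policy, action):
    """Yield Allow statements whose Action patterns cover `action` (case-insensitive)."""
    for stmt in as_list(policy.get("Statement")):
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if stmt.get("Effect") == "Allow" and any(fnmatchcase(action.lower(), a) for a in actions):
            yield stmt

def check_role_chain(ec2_policy, s3_trust, ec2_arn, s3_arn):
    """Return findings; an empty list means both halves agree and are scoped.
    Simplification: Deny, NotAction, NotResource and Condition are not evaluated."""
    findings = []
    resources = [r for s in allow_statements(ec2_policy, "sts:AssumeRole")
                 for r in as_list(s.get("Resource"))]
    if not any(fnmatchcase(s3_arn, r) for r in resources):
        findings.append("EC2 role policy does not allow sts:AssumeRole on the S3 role")
    if any("*" in r or "?" in r for r in resources):
        findings.append("sts:AssumeRole Resource is a wildcard; scope it to the S3 role ARN")
    principals = []
    for stmt in allow_statements(s3_trust, "sts:AssumeRole"):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else None
        principals += ["*"] if principal == "*" else as_list(aws)
    if ec2_arn not in principals and "*" not in principals:
        findings.append("S3 role trust policy does not name the EC2 role as principal")
    if "*" in principals:
        findings.append("S3 role trust policy allows any principal")
    return findings

# Constructed inputs mirroring the sample policies in the first and third steps.
PAGE_EC2_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]}
SCOPED_EC2_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": S3_ROLE_ARN}]}
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": EC2_ROLE_ARN}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, policy in (("page sample", PAGE_EC2_POLICY), ("scoped", SCOPED_EC2_POLICY)):
        print(name, check_role_chain(policy, TRUST_POLICY, EC2_ROLE_ARN, S3_ROLE_ARN))
```

To check real roles, load the exported policy JSON with json.load and pass the resulting dictionaries to check_role_chain in place of the constructed ones.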