Configuring EC2 IAM Role Details for STS Assume IAM Role

Configure the EC2 IAM role details before configuring the storage library using the AWS STS Assume Role with IAM Role Policy authentication access.

Procedure

  1. Create an EC2 Role (For example: DemoEC2Role) with STS Policy with AssumeRole. (Sample json file.)

  2. Create an S3 Role (For example: DemoS3Role) with S3 Policy with the permissions shown in the json file. (Sample json file.)

  3. From the S3 Role, Trust Relationship tab, click Edit Trust relationship, provide the EC2 Role ARN (For example: DemoEC2Role) as shown in the json file. (Sample json file.)

  4. Attach EC2 Role (For example: DemoEC2Role) to the EC2 instance.

  5. Copy the S3 Role ARN and provide this role as the ARN input during library configuration.

    For example: arn:aws:iam::xxxxxxxxxxx:role/DemoS3Role

For links to JSON files for AWS services, see IAM Policies for Protecting AWS Services with Commvault.

Loading...