Configure the EC2 IAM role details before configuring the storage library using the AWS STS Assume Role with IAM Role Policy authentication access.
Procedure
-
Create an EC2 Role (For example:
DemoEC2Role
) with STS Policy with AssumeRole. (Sample json file.) -
Create an S3 Role (For example: DemoS3Role) with S3 Policy with the permissions shown in the json file. (Sample json file.)
-
From the S3 Role, Trust Relationship tab, click Edit Trust relationship, provide the EC2 Role ARN (For example: DemoEC2Role) as shown in the json file. (Sample json file.)
-
Attach EC2 Role (For example: DemoEC2Role) to the EC2 instance.
-
Copy the S3 Role ARN and provide this role as the ARN input during library configuration.
For example:
arn:aws:iam::xxxxxxxxxxx:role/DemoS3Role
Related Topics
For links to JSON files for AWS services, see IAM Policies for Protecting AWS Services with Commvault.