Configure IAM Role on AWS Connections


  1. Open the AWS IAM console.

  2. Click Policies in the sidebar, and select Create Policy.

  3. Switch to the JSON tab, paste the policy below, and click Review Policy. This is a basic S3 policy, as required for FileZone processes. Replace the <my-bucket> placeholder in the policy with your S3 FileZone bucket name.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:RestoreObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<my-bucket>/*",
      "Sid": "AccessObjectsS3"
    },
    {
      "Action": [
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<my-bucket>",
      "Sid": "AccessBucketsS3"
    },
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "AccessListAllBuckets"
    }
  ]
}
  4. Click Next, and tag the policy if you want. Click Next: Review.

  5. Set the policy name to Rivery-S3-Policy, and click Create Policy.

  6. Click Roles in the sidebar, and click Create Role.

  7. Select Another AWS account, and set the Rivery Account ID as shown on the Rivery S3 connection screen.

  8. Check the Require External ID checkbox. In its AWS connection screens, Rivery provides a random external ID that is generated for your session only. Set the External ID as shown on the screen, then click Next.

Note

The external ID is generated every time you define a new connection.
If you don't know where to get the external ID, please open a request with our support team.


  9. On the Attach Policy screen, attach the ‘Rivery-S3-Policy’ you created above.


  10. Set the Role name to Rivery-S3-Role and click Create Role.

  11. After creating the role, set the Maximum session duration to 12 hours. Go into the role, and click Edit.

  12. Change the session duration to 12 hours and click Save Changes.

  13. From the role in AWS, copy the Role ARN.

  14. Paste the Role ARN in the Rivery connection.
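
The following is an added example, not Rivery's own code: it builds the trust policy that "Another AWS account" with "Require External ID" produces, and checks a finished role against the steps above (external ID condition present, <my-bucket> placeholder replaced, 12-hour session). The function names, account ID and external ID are constructed for illustration.

```python
import json

MAX_SESSION_SECONDS = 12 * 60 * 60  # the 12-hour maximum session duration from the steps

def build_trust_policy(account_id, external_id):
    """Trust policy equivalent to 'Another AWS account' + 'Require External ID'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust_policy, permissions_policy, max_session_seconds):
    """Return a list of findings; an empty list means the role matches the guide."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("trust policy allows any AWS principal")
        # Without this condition any caller in the trusted account can assume the role.
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("trust statement has no sts:ExternalId condition")
    for stmt in _as_list(permissions_policy.get("Statement", [])):
        for res in _as_list(stmt.get("Resource", [])):
            if "<my-bucket>" in res:
                findings.append(f"placeholder left in {stmt.get('Sid', '?')}: {res}")
    if max_session_seconds != MAX_SESSION_SECONDS:
        findings.append(f"max session is {max_session_seconds}s, expected {MAX_SESSION_SECONDS}s")
    return findings

# Constructed sample values (not real Rivery identifiers).
SAMPLE_TRUST = build_trust_policy("111122223333", "constructed-external-id")
SAMPLE_PERMS = {"Statement": [{"Sid": "AccessBucketsS3", "Effect": "Allow",
                               "Action": ["s3:ListBucket"],
                               "Resource": "arn:aws:s3:::<my-bucket>"}]}

if __name__ == "__main__":
    print(json.dumps(SAMPLE_TRUST, indent=2))
    for finding in audit_role(SAMPLE_TRUST, SAMPLE_PERMS, 3600):
        print("FINDING:", finding)
```

For an existing role, `aws iam get-role --role-name Rivery-S3-Role` returns the trust policy (`AssumeRolePolicyDocument`) and `MaxSessionDuration` to feed into the check.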

