- 1 Minute to read
-
Print
-
DarkLight
-
PDF
Configure IAM Role on AWS Connections
- 1 Minute to read
-
Print
-
DarkLight
-
PDF
-
Open the AWS IAM console .
-
Click the Policies on the sidebar, and select Create Policy.
-
Switch to JSON tab and Paste the attached policy, and click Review Policy. In this case, this is a basic policy of S3, as required for FileZone processes. Change the <my-bucket> placeholder in the policy with your S3 FileZone bucket name.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:RestoreObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<my-bucket>/*",
"Sid": "AccessObjectsS3"
},
{
"Action": [
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<my-bucket>",
"Sid": "AccessBucketsS3"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AccessListAllBuckets"
}
]
}
-
Click next, Tag the policy if wanted. Click on Next: Review.
-
Set the policy name to Rivery-S3-Policy, and click Create Policy.
-
Click the Roles on the sidebar, and click Create Role.
-
Select Another AWS account, and set Rivery Account ID as defined on the connection screen.
-
Check the Require External ID checkbox. Rivery provides you, in its AWS connection screens, a random external id which is generated for your session only. Set the **External ID **as shown in the screen, then click Next.
The external id is being generated every time you define a new connection.
If you don't know from where you need to get the external id, please open a request to our support team.
- On the Attach Policy please attach the ‘Rivery-S3-Policy’ you've created above.
-
Set Role name: Rivery-S3-Role and click on Create Role.
-
After createing the role, set up the Maximum session duration to 12 hours. Go into the role, and click on Edit.
-
Change the session duration to 12 hours and click on Save Changes.
-
From the Role in AWS, Copy the Role ARN.
-
Paste the Role ARN in the Rivery connection: