...
...
About IAM
Amazon Web Services (AWS) Identity and Access Management (IAM) is a web service that enables AWS customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.
...
IAM addresses this issue by enabling organizations to create multiple users (each user is a person, system, or application) who can use AWS products, each with individual security credentials, all controlled by and billed to a single AWS account. With IAM, each user is allowed to do only what they need to do as part of the user's job.
There are two methods by which one can set up Identity and Access Management for your SoftNAS Cloud® instance:
We strongly recommend creating the IAM Role prior to setting up your instance, as it is the more secure method. Specifying an IAM User for your SoftNAS Cloud® instance is used when adding IAM functionality to existing instances.
...
Creating the IAM Policy for SoftNAS Cloud®
To create an IAM Policy for use with SoftNAS Cloud you will need to use the AWS IAM Console at https://console.aws.amazon.com/iam/home#/home or search for IAM in the AWS services from the AWS Console home.
1. To create the custom policy, click Policies from within the navigation pane.
2. Select Create Policy.
3. On the Create Policy screen, click the JSON option.
4. Delete the text in the JSON Editor.
4. Copy the JSON text shown under IAM Role Policy below, and paste it into the AWS JSON editor and then click “Review policy” at the bottom of the page.
IAM Role Policy
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1444200186000", "Effect": "Allow", "Action": [ "ec2:ModifyInstanceAttribute", "ec2:DescribeInstances", "ec2:CreateVolume", "ec2:DeleteVolume", "ec2:CreateSnapshot", "ec2:DeleteSnapshot", "ec2:CreateTags", "ec2:DeleteTags", "ec2:AttachVolume", "ec2:DetachVolume", "ec2:DescribeInstances", "ec2:DescribeVolumes", "ec2:DescribeSnapshots", "aws-marketplace:MeterUsage", "ec2:DescribeRouteTables", "ec2:DescribeAddresses", "ec2:DescribeTags", "ec2:DescribeInstances", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ReplaceRoute", "ec2:CreateRoute", "ec2:DeleteRoute", "ec2:AssociateAddress", "ec2:DisassociateAddress",
"s3:CreateBucket", "s3:Delete*", "s3:Get*", "s3:List*", "s3:Put*" ], "Resource": [ "*" ] } ] } |
|---|
5. Enter a “Name” and “Description” for your policy and click “Create policy”.
6. Your IAM Policy for use with SoftNAS should now be created.
Creating the IAM Role
To create an IAM Role for use with SoftNAS Cloud and a previously created IAM Policy, you will need to use the AWS IAM Console at https://console.aws.amazon.com/iam/home#/home or search for IAM in the AWS services from the AWS Console home.
- From within the IAM Console, from the navigation pane, click Roles, and then click Create Role.
- Select EC2 as the service for this role by clicking the “EC2” service and then click “Next: Permissions” at the bottom of the page.
- Attach the permissions policy that you previous created for use with SoftNAS by checking the check box next to that policy, and then click “Next: Review”.
- Give your new role a “Role name” and “Role description” and then click “Create role”.
- Your new SoftNAS role should now be created.
