Versions Compared

Version Old Version 3 New Version Current
Changes made by

Former user

Sean Hastert

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated links in the proper manner.

About IAM

...

AWS

...

Identity and Access Management (IAM)

...

Without IAM, organizations with multiple users and systems must either create multiple AWS accounts, each with its own billing and subscriptions to AWS products, or employees must all share the security credentials of a single AWS account. Also, without IAM, there is no control over the tasks a particular user or system can do and what AWS resources they might use.

IAM addresses this issue by enabling organizations to create multiple users (each user is a person, system, or application) who can use AWS products, each with individual security credentials, all controlled by and billed to a single AWS account. With IAM, each user is allowed to do only what they need to do as part of the user's job.

There are two methods by which one can set up Identity and Access Management for your SoftNAS Cloud® instance:

We strongly recommend creating the IAM Role prior to setting up your instance, as it is the more secure method. Specifying an IAM User for your SoftNAS Cloud® instance is used when adding IAM functionality to existing instances.

...

enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. 

Buurst recommends use of an Identity and Access Management (IAM) when creating your SoftNAS instance. You will need to create both an IAM Policy and IAM Role for use with your SoftNAS instance.

Widget Connector
width500
urlhttps://vimeo.com/303556716
height300

Creating the IAM Policy for SoftNAS®

To create an IAM Policy for use with SoftNAS you will need to use the AWS IAM Console here, or search for IAM in the AWS services from the AWS Console home.

  •  1. To create the custom policy, navigate to the Identity and Access Management (IAM) page and click Policies from within the navigation pane.

Image Added

  •  Select Create Policy.

Image Added

  •  On the Create Policy screen, click the JSON option.

Image Added

  •  Delete the text in the JSON Editor.
  •  Copy the JSON text shown under IAM Role Policy below, and paste it into the AWS JSON editor.

Image Added

IAM Role Policy


Note
You can copy and paste the content on the right and use it as the IAM Role Policy being created.



Code Block
firstline1
titleIAM Policy
linenumberstrue
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1444200186000",
      "Effect": "Allow",
      "Action": [
        "ec2:ModifyInstanceAttribute",
        "ec2:DescribeInstances",
        "ec2:CreateVolume",
        "ec2:DeleteVolume",
        "ec2:CreateSnapshot",
        "ec2:DeleteSnapshot",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:AttachVolume",
        "ec2:DetachVolume",
        "ec2:DescribeVolumes",
        "ec2:DescribeSnapshots",
        "aws-marketplace:MeterUsage",
        "ec2:DescribeRouteTables",
        "ec2:DescribeAddresses",
        "ec2:DescribeTags",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:ReplaceRoute",
        "ec2:CreateRoute",
        "ec2:DeleteRoute",
        "ec2:AssociateAddress",
        "ec2:DisassociateAddress",
        "ec2:StopInstances",
        "ec2:RebootInstances",
        "s3:CreateBucket",
        "s3:Delete*",
        "s3:Get*",
        "s3:List*",
        "s3:Put*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}



  •  Click Next: Tags at the bottom of the page.

Image Added

  •  Click Add tag to assign tags to the IAM Policy.  This step is optional and can be skipped.
  •  Click Next: Review at the bottom of the page.

Image Added

  •  Enter a Name and Description for your policy and click Create policy.


Note
The IAM Policy name created must be SoftNAS_HA_IAM or SoftNAS_DISK_IAM.


Image Added

  •  Your IAM Policy for use with SoftNAS should now be created.

Image Added

Creating an IAM Role for use with SoftNAS

To create an IAM Role for use with SoftNAS and a previously created IAM Policy, you will need to use the AWS IAM Console here, or search for IAM in the AWS services from the AWS Console home.


  •  To create a new role, click Roles from within the navigation pane.

Image Added

  •  Select Create role.

Image Added

  •  From Trusted entity type select AWS service.
  •  From Use case select EC2 as the service.
  •  Click Next.

Image Added

  •  Attach the permissions policy that you previous created for use with SoftNAS by checking the check box next to that policy, and then click Next.

Image Added

  •  Give your new role a Role name and Role description and then click Create role


Note

The role name must beSoftNAS_HA_IAM or SoftNAS_DISK_IAM.


Image Added

  •  Your new SoftNAS role should now be created.  This role can be used later when launching your SoftNAS AWS instance.



Image Added