Set up permissions for FSx for ONTAP

Contributors juliantap netapp-bcammett

To create or manage an Amazon FSx for ONTAP working environment, add AWS credentials to Cloud Manager by providing the ARN of an IAM role that grants Cloud Manager the permissions it needs to create an FSx for ONTAP working environment.

Set up the IAM role

Set up an IAM role that the Cloud Manager SaaS can assume.

Steps
  1. Go to the IAM console in the target account.

  2. Under Access Management, click Roles > Create Role and follow the steps to create the role.

    Be sure to do the following:

    • Under Trusted entity type, select AWS account.

    • Select Another AWS account and enter the ID of the Cloud Manager SaaS: 952013314444

    • Create a policy that includes the following permissions:

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "VisualEditor0",
                  "Effect": "Allow",
                  "Action": [
                      "fsx:*",
                      "ec2:Describe*",
                      "ec2:CreateTags",
                      "kms:Describe*",
                      "kms:List*",
                      "iam:CreateServiceLinkedRole"
                  ],
                  "Resource": "*"
              }
          ]
      }

  3. Copy the Role ARN of the IAM role so that you can paste it in Cloud Manager in the next step.

Result

The IAM role now has the required permissions.
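
To confirm that a role still matches what the steps above produce, the following added example (not NetApp's code) audits a role's trust policy and permissions policy documents. It assumes the trust principal takes the form arn:aws:iam::<account-id>:root, which is what selecting Another AWS account yields; the function names and the sample documents are constructed for illustration.

```python
# Values taken from the page; the sample documents below are constructed.
CLOUD_MANAGER_ACCOUNT = "952013314444"
DOCUMENTED_ACTIONS = {"fsx:*", "ec2:Describe*", "ec2:CreateTags",
                      "kms:Describe*", "kms:List*", "iam:CreateServiceLinkedRole"}

def as_list(value):  # IAM accepts a single string wherever a list is allowed
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Return the account ID for '952013314444' or 'arn:aws:iam::<id>:root', else None."""
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) == 6 and parts[2] == "iam" and parts[5] == "root" else None

def audit_trust(doc):
    """Flag every Allow principal that is not the Cloud Manager SaaS account."""
    findings = []
    for stmt in as_list(doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # the only string form is "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS" or account_of(p) != CLOUD_MANAGER_ACCOUNT:
                    findings.append(f"trust: unexpected principal {kind}={p}")
    return findings

def audit_permissions(doc):
    """Literal comparison of granted actions against the documented list."""
    granted = set()
    for stmt in as_list(doc["Statement"]):
        if stmt.get("Effect") == "Allow":
            granted.update(as_list(stmt.get("Action", [])))
    return ([f"policy: extra action {a}" for a in sorted(granted - DOCUMENTED_ACTIONS)] +
            [f"policy: missing action {a}" for a in sorted(DOCUMENTED_ACTIONS - granted)])

# Constructed sample: a role that has drifted from what the page specifies.
DRIFTED_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::952013314444:root", "*"]}}]}
DRIFTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["fsx:*", "ec2:Describe*", "ec2:CreateTags", "kms:List*",
                "iam:CreateServiceLinkedRole", "iam:PassRole"]}]}

if __name__ == "__main__":
    print("\n".join(audit_trust(DRIFTED_TRUST) + audit_permissions(DRIFTED_POLICY)))
```

An empty result from both functions means the role trusts only the Cloud Manager SaaS account and grants exactly the documented actions.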

Add the credentials

After you provide the IAM role with the required permissions, add the role ARN to Cloud Manager.

Before you get started

If you just created the IAM role, it might take a few minutes until it is available for use. Wait a few minutes before you add the credentials to Cloud Manager.

Steps
  1. In the upper right of the Cloud Manager console, click the Settings icon, and select Credentials.

  2. Click Add Credentials and follow the steps in the wizard.

    1. Credentials Location: Select Amazon Web Services > Cloud Manager.

    2. Define Credentials: Provide the ARN (Amazon Resource Name) of the IAM role.

    3. Review: Confirm the details about the new credentials and click Add.

Result

You can now use the credentials when creating an FSx for ONTAP working environment.