Set up permissions for FSx for ONTAP
To create or manage an Amazon FSx for ONTAP working environment, you need to add AWS credentials to Cloud Manager by providing the ARN of an IAM role that gives Cloud Manager the permissions needed to create an FSx for ONTAP working environment.
Set up the IAM role
Set up an IAM role that enables the Cloud Manager SaaS to assume the role.
- Go to the IAM console in the target account.
- Under Access Management, click Roles > Create Role and follow the steps to create the role.
  Be sure to do the following:
  - Under Trusted entity type, select AWS account.
  - Select Another AWS account and enter the ID of the Cloud Manager SaaS: 952013314444
  - Create a policy that includes the following permissions:

        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": [
                "fsx:*",
                "ec2:Describe*",
                "ec2:CreateTags",
                "kms:Describe*",
                "kms:List*",
                "iam:CreateServiceLinkedRole"
              ],
              "Resource": "*"
            }
          ]
        }

- Copy the Role ARN of the IAM role so that you can paste it in Cloud Manager in the next step.
The IAM role now has the required permissions.
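To confirm that the role still matches these steps after it is created, the following added example (not NetApp code) checks a role's trust policy and permissions policy offline against the account ID and action list given above. It assumes both documents have been exported as JSON; the function names, the sample documents and the second account ID (111122223333) are constructed for illustration.

```python
CLOUD_MANAGER_ACCOUNT = "952013314444"  # Cloud Manager SaaS account ID from this page
DOCUMENTED_ACTIONS = {a.lower() for a in (  # action list from the policy on this page
    "fsx:*", "ec2:Describe*", "ec2:CreateTags",
    "kms:Describe*", "kms:List*", "iam:CreateServiceLinkedRole")}

def _as_list(value):
    """IAM allows a single string or object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def _account_of(principal):  # account ID from an IAM ARN, else the value itself
    parts = principal.split(":")
    return parts[4] if parts[0] == "arn" and len(parts) > 5 else principal

def audit_trust(trust):
    """Flag every Allow principal that is not the Cloud Manager SaaS account."""
    findings = []
    for stmt in _as_list(trust.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # handles "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind != "AWS" or _account_of(p) != CLOUD_MANAGER_ACCOUNT:
                    findings.append(f"trust: unexpected principal {kind}={p}")
    return findings

def audit_permissions(policy):
    """Flag every allowed action that is not in the documented set."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            findings += [f"policy: undocumented action {a}"
                         for a in _as_list(stmt.get("Action", []))
                         if a.lower() not in DOCUMENTED_ACTIONS]
    return findings

# Constructed sample documents (not taken from a real account).
EXPECTED_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::952013314444:root"}}]}
DRIFTED_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": ["arn:aws:iam::952013314444:root",
                          "arn:aws:iam::111122223333:root"]}}]}
DRIFTED_POLICY = {"Statement": {"Effect": "Allow", "Resource": "*",
                                "Action": ["fsx:*", "ec2:createtags", "iam:PassRole"]}}

if __name__ == "__main__":
    print("\n".join(audit_trust(DRIFTED_TRUST) + audit_permissions(DRIFTED_POLICY)))
```

The trust check is account-level: any principal ARN inside the Cloud Manager SaaS account passes, and any other account, service or wildcard principal is reported.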
Add the credentials
After you provide the IAM role with the required permissions, add the role ARN to Cloud Manager.
If you just created the IAM role, it might take a few minutes until the role is available for use. Wait a few minutes before you add the credentials to Cloud Manager.
- In the upper right of the Cloud Manager console, click the Settings icon, and select Credentials.
- Click Add Credentials and follow the steps in the wizard.
  - Credentials Location: Select Amazon Web Services > Cloud Manager.
  - Define Credentials: Provide the ARN (Amazon Resource Name) of the IAM role.
  - Review: Confirm the details about the new credentials and click Add.
You can now use the credentials when creating an FSx for ONTAP working environment.