Granting permissions when Cloud Manager is not launched from Cloud Central

If you cannot launch Cloud Manager in AWS from NetApp Cloud Central, you must provide Cloud Manager with the permissions that it needs to launch and manage Cloud Volumes ONTAP in AWS.

About this task

The Cloud Manager IAM policy defines the AWS actions and resources that Cloud Manager is allowed to use. You can grant the permissions defined in the IAM policy in one of two ways:

  • You can attach an IAM role to the Cloud Manager instance in AWS.

  • You can attach the IAM policy to IAM users or groups.

    You would then specify the AWS access keys for those users in Cloud Manager.

Steps
  1. Download the Cloud Manager IAM policy from the following location:

  2. From the IAM console, create your own policy by copying and pasting the text from the Cloud Manager IAM policy.

  3. Grant permissions to the Cloud Manager instance or to IAM users:

    • Grant permissions to the Cloud Manager instance:

      1. Create an IAM role with the role type Amazon EC2 and attach the policy that you created in the previous step to the role.

      2. Attach the IAM role to Cloud Manager when you launch it from the AWS Marketplace (choose Custom Launch) or by modifying an existing instance from the EC2 console.

    • Grant permissions to IAM users:

      Attach the policy to IAM users or groups. For instructions, refer to AWS Documentation: Managing IAM Policies.

Result

Cloud Manager now has the permissions that it needs. If you attached the policy to IAM users, you must specify the AWS access keys for those IAM users when you set up user accounts in Cloud Manager.
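
The following Python example is added here and is not NetApp or Cloud Manager code: it reviews a policy document before you paste it into the IAM console in step 2, and builds the trust policy that a role of type Amazon EC2 carries. SAMPLE_POLICY is a constructed stand-in for the downloaded file (its account ID and role name are made up), and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample, NOT the Cloud Manager policy: it stands in for the
# downloaded JSON so the review runs offline. Account ID and role are made up.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:RunInstances", "s3:ListBucket"]},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/example-role"},
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"},
]}


def _as_list(value):
    """IAM JSON accepts a single string or object wherever a list is valid."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]


def review_policy(policy):
    """Summarise what an identity policy allows before it is attached."""
    by_service, wildcard_actions, unscoped = defaultdict(set), [], []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        for action in actions:
            service, _, name = action.partition(":")
            by_service[service].add(name or "*")
            if "*" in action:
                wildcard_actions.append(action)
        if "*" in _as_list(stmt.get("Resource")):
            unscoped.extend(actions)  # allowed on every resource
    return {"services": {s: sorted(a) for s, a in by_service.items()},
            "wildcard_actions": wildcard_actions,
            "unscoped_actions": unscoped}


def ec2_trust_policy():
    """Trust policy for a role of type Amazon EC2: only EC2 may assume it."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": {"Service": "ec2.amazonaws.com"}}]}


if __name__ == "__main__":
    print(review_policy(SAMPLE_POLICY), ec2_trust_policy(), sep="\n")
```

Actions reported under unscoped_actions are allowed on every resource in the account, so they are the entries to read most closely, particularly when the policy is attached to IAM users whose access keys are stored in Cloud Manager.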