Set up permissions for FSx for ONTAP

Contributors juliantap Download PDF of this page

To create or manage your Amazon FSx for ONTAP working environment, you need an AWS access key and secret key for an IAM user role with FSx for ONTAP permissions. These permissions are different from the permissions required to create a Connector in AWS.

Note You can create a new IAM user role with FSx for ONTAP permissions or edit an existing IAM user role to include the additional FSx for ONTAP permissions. We recommend the latter to avoid having to use multiple keys for your Connector and for FSx for ONTAP access.
Steps

To grant FSx for ONTAP permissions to an IAM user role:

  1. From the AWS IAM console, create a new policy or edit an existing policy to include the following actions for FSx for ONTAP:

    "ec2:Describe*"
    "kms:Describe*"
    "kms:List*"
    "fsx:*"
    "iam:CreateServiceLinkedRole"
    "ec2:CreateTags"
  2. Attach the policy you created in the previous step to the IAM user role.

Result

The AWS user now has permissions required for FSx for ONTAP in Cloud Manager.