Setup IAM Role Permissions for the AWS EC2 Controller

An AWS Identity and Access Management (IAM) role is an entity that you create and assign specific permissions to. Those permissions allow trusted identities, such as workforce identities and applications, to perform actions in AWS.

For more information on IAM roles see the Amazon AWS documentation site: IAM Roles

  1. Create an IAM Role for the EC2 instance.

  2. Once the IAM role is created, assign the following policies to the role.

  3. EC2 Policy

    The following JSON policy, when added to the IAM EC2 Role assigned to the controller, allows the scenario executions to instantiate, start, stop and terminate EC2 test nodes.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "ec2:DescribeInstances",
                    "ec2:TerminateInstances",
                    "ec2:DescribeTags",
                    "ec2:CreateTags",
                    "ec2:RunInstances",
                    "ec2:StopInstances"
                ],
                "Resource": "*"
            }
        ]
    }

    S3 Policy for a given bucket

    This policy allows the AIQ controller to set up AWS S3 storage without the need to provide access credentials. In the JSON below, replace your-bucket-name with the name of the bucket you will be using for your AIQ dashboards.

    This is only for AIQ release 5.2.3+.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObjectAcl",
                    "s3:GetObject",
                    "s3:ListBucket",
                    "s3:DeleteObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": [
                    "arn:aws:s3:::your-bucket-name",
                    "arn:aws:s3:::your-bucket-name/*"
                ]
            }
        ]
    }
  4. Select the controller instance and assign the created Role to the controller instance using the Modify IAM role option.

  5. Check the Security tab of the controller instance and verify that the IAM role you created is visible.
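
A pre-deployment check for the two policies above, added here as an example and not part of the vendor documentation. It flags EC2 actions that create, change or destroy resources when they are allowed on every resource with no Condition (as written, the EC2 statement lets the role stop or terminate any instance in the account), a bucket placeholder that was never replaced, and S3 resource lists missing the bucket or object ARN. The function names and finding codes are assumptions made for this example.

```python
import json

# Actions in the page's EC2 policy that create, change or destroy resources.
MUTATING_EC2 = {"ec2:RunInstances", "ec2:StopInstances",
                "ec2:TerminateInstances", "ec2:CreateTags"}
PLACEHOLDER, S3_ARN = "your-bucket-name", "arn:aws:s3:::"

# The page's two policies as sample input (S3 placeholder left unreplaced).
EC2_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances",
               "ec2:DescribeTags", "ec2:CreateTags", "ec2:RunInstances",
               "ec2:StopInstances"]}]})
S3_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Resource": [S3_ARN + PLACEHOLDER, S3_ARN + PLACEHOLDER + "/*"],
    "Action": ["s3:PutObject", "s3:GetObjectAcl", "s3:GetObject",
               "s3:ListBucket", "s3:DeleteObject", "s3:PutObjectAcl"]}]})

def as_list(value):  # IAM accepts one value or a list in these fields
    return value if isinstance(value, list) else [value]

def review_policy(policy_json):
    """Return (statement_index, code, detail) findings; codes are this example's."""
    findings = []
    for idx, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt.get("Action", [])))
        resources = as_list(stmt.get("Resource", []))
        wild = "*" in resources
        # Mutating EC2 calls allowed on every resource, with no Condition.
        broad = sorted(actions & MUTATING_EC2)
        if broad and wild and "Condition" not in stmt:
            findings.append((idx, "UNSCOPED_EC2", ",".join(broad)))
        if any(PLACEHOLDER in r for r in resources):
            findings.append((idx, "PLACEHOLDER_BUCKET", PLACEHOLDER))
        paths = [r[len(S3_ARN):] for r in resources if r.startswith(S3_ARN)]
        # s3:ListBucket matches the bucket ARN; object actions match bucket/key.
        if "s3:ListBucket" in actions and not (wild or any("/" not in p for p in paths)):
            findings.append((idx, "NO_BUCKET_ARN", "s3:ListBucket"))
        obj = sorted(a for a in actions if a.startswith("s3:") and "Object" in a)
        if obj and not (wild or any("/" in p for p in paths)):
            findings.append((idx, "NO_OBJECT_ARN", ",".join(obj)))
    return findings

if __name__ == "__main__":
    for name, doc in (("EC2", EC2_POLICY), ("S3", S3_POLICY)):
        print(name, review_policy(doc))
```

An empty list means none of these checks fired; it is not a full policy analysis.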