...
Info |
---|
The JCC (Java Component Container) is a node on the Data Plane that handles Pipeline executions. To set the global property of the Snaplex, click the Node Properties tab to configure the nodes associated with the Snaplex.
|
Key Steps
...
Log in to the AWS console. Open the IAM console, navigate to Access Management > Roles, and click the Create role button.
Select AWS service as the Trusted entity type and EC2 as the Use case, and click Next.
On the Add permissions policies page, select all or desired policies that grant your instances access to the resources, and then choose Next. A policy defines the AWS permissions you can assign to a user, group, or role. The permissions can be Custom-managed or AWS-managed and are created or edited in the visual editor and using JSON.
Optionally, add tags as appropriate. Click Next: Tags to skip to the next screen.
Specify a Role name and description on the Name, review, and create page.
Review the details and add a name for the role and click Create role.
This is an example of a custom-managed policy, min_sl_required_s3_permission, which contains the minimum actions for all AWS S3 Snaps to access the bucket test-bucket. You should be able to read and write files in the bucket that is created. Learn more about creating custom-managed policies using the AWS Management Console, AWS CLI, or AWS API in IAM: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html?icmpid=docs_iam_console
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:ListBucket",
                "s3:PutObjectTagging",
                "s3:DeleteObject",
                "s3:PutObjectAcl",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::test-bucket/*",
                "arn:aws:s3:::test-bucket"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}
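An added example (not SnapLogic or AWS code) of a pre-deployment check for the resource scoping a policy like this relies on: object-level actions only match an object ARN such as `arn:aws:s3:::test-bucket/*`, `s3:ListBucket` matches the bucket ARN, and `s3:ListAllMyBuckets` is not scoped to one bucket. The sample policies are constructed, the action table covers only the actions shown on this page, and the function names are illustrative.

```python
S3 = "arn:aws:s3:::"
# Resource type each action is evaluated against (only the actions used on this page).
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:GetObjectTagging", "s3:PutObjectTagging",
                  "s3:DeleteObject", "s3:PutObjectAcl", "s3:GetObjectVersion"}
BUCKET_ACTIONS = {"s3:ListBucket"}
ACCOUNT_ACTIONS = {"s3:ListAllMyBuckets"}

def as_list(value):
    """IAM allows a single string or dict where a list is expected; normalise to a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def covers(resource, kind):
    """True if a Resource pattern can match a resource of the given kind."""
    if resource in ("*", S3 + "*"):
        return True
    if kind == "account" or not resource.startswith(S3):
        return False
    bucket, slash, key = resource[len(S3):].partition("/")
    if kind == "bucket":
        return bool(bucket) and not slash
    # object: needs a non-empty key pattern, or a bucket pattern ending in * (which spans "/")
    return bool(key) or (not slash and bucket.endswith("*"))

def unmatched_actions(policy):
    """Return (Sid, action) pairs that no Resource in their Allow statement can match."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            kind = ("object" if action in OBJECT_ACTIONS else
                    "bucket" if action in BUCKET_ACTIONS else
                    "account" if action in ACCOUNT_ACTIONS else None)
            if kind and not any(covers(r, kind) for r in resources):
                findings.append((stmt.get("Sid"), action))
    return findings

def make_policy(object_arn, account_resource):
    """Constructed sample: a cut-down policy in the same two-statement shape."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
         "Resource": [object_arn, S3 + "test-bucket"]},
        {"Sid": "VisualEditor1", "Effect": "Allow",
         "Action": "s3:ListAllMyBuckets", "Resource": account_resource}]}

DROPPED = make_policy(S3 + "test-bucket/", " ")   # wildcards lost in copy/paste
SCOPED = make_policy(S3 + "test-bucket/*", "*")   # wildcards present
```

Running `unmatched_actions` over a policy before attaching it to the role surfaces statements that would be accepted or silently grant nothing, which otherwise shows up only as AccessDenied errors at Pipeline run time.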
...
Navigate to the EC2 web console, and select Instances. Choose the required instance.
From the Actions dropdown menu, select Security > Modify IAM role.
Select the IAM role created and click Update IAM role. You also have the option to create a new IAM role from the EC2 web console.
Cross-Account IAM Role
A Cross-Account IAM Role enables a client in one AWS account to temporarily access the resources of another AWS account using the Binary Snaps that support reading from or writing into S3 buckets. This lets organizations, or different teams in an organization, access each other's AWS accounts without sharing AWS credentials, which would compromise security. Learn more about configuring a Cross-Account role: Configuring Cross Account IAM Role Support
...
AWS S3 Account Configuration Scenarios
Scenario | IAM Policy and Account Details | Authentication Keys and Fields |
---|---|---|
IAM role and EC2 instance are in the same account |
|
|
IAM role is in another account |
|
|
AWS S3 Account
You can use the AWS S3 account to connect the Binary Snaps with data sources that are in AWS S3 with valid permissions based on the Snap and intended operation.
For details on creating an AWS S3 Account, along with account-specific and troubleshooting details, refer to AWS S3 Account.
...