...

Info

The JCC (Java Component Container) is a node on the Data Plane that handles Pipeline executions. To set the global properties of the Snaplex, click the Node Properties tab to configure the nodes associated with the Snaplex.

Key Steps

...

  1. Log in to the AWS console. Open the IAM console, navigate to Access Management > Roles, and click the Create role button.

  2. Select AWS service as the Trusted entity type and EC2 as the Use case, and click Next.

  3. On the Add permissions policies page, select all or the desired policies that grant your instances access to the resources, and then choose Next. A policy defines the AWS permissions you can assign to a user, group, or role. The permissions can be Custom-managed or AWS-managed and are created or edited in the visual editor or using JSON.

  4. Optionally, add tags as appropriate. Click Next: Tags to skip to the next screen.

  5. Specify a Role name and description on the Name, review, and create page.

  6. Review the details, add a name for the role, and click Create role.

This is an example of a Custom-managed policy, min_sl_required_s3_permission, which contains the minimum actions that all AWS S3 Snaps need to access the bucket test-bucket. You should be able to read and write files in the bucket that is created. Learn more about creating custom-managed policies using the AWS Management Console, AWS CLI, or AWS API in IAM: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html?icmpid=docs_iam_console

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectTagging",
        "s3:ListBucket",
        "s3:PutObjectTagging",
        "s3:DeleteObject",
        "s3:PutObjectAcl",
        "s3:GetObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::test-bucket/*",
        "arn:aws:s3:::test-bucket"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    }
  ]
}
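
An added check (not SnapLogic or AWS code) for the resource scoping this policy relies on: object-level actions only take effect on arn:aws:s3:::test-bucket/*, s3:ListBucket on the bucket ARN, and s3:ListAllMyBuckets on "*". The function and sample names are hypothetical, the action grouping covers only the actions listed in this policy, and MIS_SCOPED is a constructed sample.

```python
import re

# Resource type each action in the page's policy applies to.
OBJECT = {"s3:PutObject", "s3:GetObject", "s3:GetObjectTagging", "s3:PutObjectTagging",
          "s3:DeleteObject", "s3:PutObjectAcl", "s3:GetObjectVersion"}
BUCKET = {"s3:ListBucket"}
ACCOUNT = {"s3:ListAllMyBuckets"}  # no resource type: only takes effect with "*"

def _matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, arn) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_s3_policy(policy, bucket):
    """Return sorted (sid, action, problem) tuples for the Allow statements."""
    own = {"object": f"arn:aws:s3:::{bucket}/dir/file.csv", "bucket": f"arn:aws:s3:::{bucket}"}
    other = {"object": "arn:aws:s3:::unrelated-bucket/dir/file.csv",
             "bucket": "arn:aws:s3:::unrelated-bucket"}
    findings = set()
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid, resources = st.get("Sid", ""), _as_list(st["Resource"])
        for action in _as_list(st["Action"]):
            if action in ACCOUNT:
                if "*" not in resources:
                    findings.add((sid, action, "never-applies"))
                continue
            kind = "object" if action in OBJECT else "bucket" if action in BUCKET else None
            if kind is None:
                findings.add((sid, action, "unclassified"))
            elif not any(_matches(r, own[kind]) for r in resources):
                findings.add((sid, action, "never-applies"))  # Snap would get AccessDenied
            elif any(_matches(r, other[kind]) for r in resources):
                findings.add((sid, action, "too-broad"))  # also reaches other buckets
    return sorted(findings)

# Constructed sample: a mis-scoped variant of the page's policy.
MIS_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "S1", "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::test-bucket"},
    {"Sid": "S2", "Effect": "Allow", "Action": "s3:PutObject", "Resource": "*"},
    {"Sid": "S3", "Effect": "Allow", "Action": "s3:ListAllMyBuckets",
     "Resource": "arn:aws:s3:::test-bucket"}]}

if __name__ == "__main__":
    for finding in lint_s3_policy(MIS_SCOPED, "test-bucket"):
        print(finding)
```

The unrelated-bucket probe only catches patterns that reach an arbitrary bucket, so a prefix wildcard such as test-bucket* still needs a manual look.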

...

  1. Navigate to the EC2 web console, and select Instances. Choose the required instance.

  2. From the Actions dropdown menu, select Security > Modify IAM role.

  3. Select the IAM role created and click Update IAM role. You also have the option to create a new IAM role from the EC2 web console.

Cross-Account IAM Role

Cross-Account IAM Role enables a client from an AWS account to access the resources of another AWS account temporarily using the Binary Snaps that support reading from or writing into S3 buckets. This helps organizations or different teams in an organization to access each other's AWS accounts without compromising security by sharing AWS credentials. Learn more about configuring Cross-Account role: Configuring Cross Account IAM Role Support

...

AWS S3 Account Configuration Scenarios

Scenario

IAM Policy and Account Details

Authentication Keys and Fields

IAM role and EC2 instance are in the same account

  • IAM Policy attached to S3 Account

  • IAM Role attached to the EC2 instance

  • Access-key ID and Secret key fields are needed

  • Select IAM Role checkbox

IAM role is in another account

  • IAM Policy that assumes the IAM role account

  • Cross-Account Settings

  • Amazon Resource Name (ARN) of the IAM role

AWS S3 Account

You can use the AWS S3 account to connect the Binary Snaps with data sources that are in AWS S3 with valid permissions based on the Snap and intended operation.
For details on creating an AWS S3 Account and account-specific details along with troubleshooting details, refer to AWS S3 Account.

...