Creating an IAM Role for Granting Access to a Project Store
Create this IAM role in the AWS Console as part of configuring storage settings when you are connecting your AWS account to Dremio Cloud manually during the sign-up process for Dremio Cloud, or as part of adding a project to an organization.
- Log into the AWS Console and open IAM.
- Under Access management on the left side of the page, select Roles.
- On the Roles page, click Create role.
- On the Create Role page in the AWS Console, select AWS service.
- Select EC2.
- Click Next: Permissions.
- Click Next: Tags.
- Click Next: Review.
- In the Review section, give the role a name.
- Click Create Role.
- On the Roles page, click the role.
- In the Permissions section, click Add inline policy.
- On the Create Policy page, click the JSON tab.
- Delete the current JSON and then paste the policy JSON.
- Click Review policy.
- Under Review policy, name the policy.
- Click Create policy.
- On the Summary page, click the Trust relationships tab.
- Click Edit trust relationship.
- Under Policy Document, paste the JSON snippet into the
Statementarray. The complete policy document looks like this: Policy document, including Statement snippet{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }, { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<trust account ID>:root" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "<external ID>" } } } ] } - Click Update Trust Policy.
- Copy the role ARN and the instance-profile ARN.
Was this page helpful?
Glad to hear it! Thank you for your feedback.
Sorry to hear that. Thank you for your feedback.