    Creating an IAM Role for Granting Access to a Project Store

    Create this IAM role in the AWS Console as part of configuring storage settings, either when you connect your AWS account to Dremio Cloud manually during the Dremio Cloud sign-up process or when you add a project to an organization.

    1. Log in to the AWS Console and open IAM.

    2. Under Access management on the left side of the page, select Roles.

    3. On the Roles page, click Create role.

    4. On the Create Role page in the AWS Console, select AWS service.

    5. Select EC2.

    6. Click Next: Permissions.

    7. Click Next: Tags.

    8. Click Next: Review.

    9. In the Review section, give the role a name.

    10. Click Create Role.

    11. On the Roles page, click the role.

    12. In the Permissions section, click Add inline policy.

    13. On the Create Policy page, click the JSON tab.

    14. Delete the current JSON and then paste the policy JSON.

    15. Click Review policy.

    16. Under Review policy, name the policy.

    17. Click Create policy.

    18. On the Summary page, click the Trust relationships tab.

    19. Click Edit trust relationship.

    20. Under Policy Document, paste the JSON snippet into the Statement array. The complete policy document looks like this:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": {
              "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
          },
          {
            "Effect": "Allow",
            "Principal": {
              "AWS": "arn:aws:iam::<trust account ID>:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
              "StringEquals": {
                "sts:ExternalId": "<external ID>"
              }
            }
          }
        ]
      }
      
    21. Click Update Trust Policy.

    22. Copy the role ARN and the instance-profile ARN.
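
As an added example (not part of the original documentation), this Python check audits a trust policy document against the shape shown in step 20: only the EC2 service principal, only the expected trust account, and an `sts:ExternalId` condition on the cross-account statement. The function name `audit_trust_policy`, the account ID and the external ID are constructed for illustration.

```python
import json

# Constructed sample values (not real): account ID and external ID placeholders.
ACCOUNT, EXTERNAL_ID = "111122223333", "example-external-id"

# The trust policy from step 20, filled in with the constructed values above.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
         "Action": "sts:AssumeRole"},
        {"Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(document, account, external_id):
    """Return findings; an empty list means the policy matches step 20."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(document).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"statement {i}: wildcard principal")
            continue
        for svc in _as_list(principal.get("Service", [])):
            if svc != "ec2.amazonaws.com":
                findings.append(f"statement {i}: unexpected service {svc}")
        arns = _as_list(principal.get("AWS", []))
        for arn in arns:
            if arn not in (f"arn:aws:iam::{account}:root", account):
                findings.append(f"statement {i}: unexpected AWS principal {arn}")
        if arns:
            # Cross-account trust must be pinned to the external ID.
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if cond.get("sts:ExternalId") != external_id:
                findings.append(f"statement {i}: sts:ExternalId missing or wrong")
    return findings


if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE, ACCOUNT, EXTERNAL_ID) or "trust policy OK")
```

Run it against the policy document copied from the Trust relationships tab after step 21; any finding means the saved policy differs from the one shown in step 20.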