Creating an IAM Role for Granting Access to a Project Store
Create this IAM role in the AWS Console when you configure storage settings, either while manually connecting your AWS account to Dremio Cloud during the sign-up process or while adding a project to an organization.
- Log into the AWS Console and open IAM.
- Under Access management on the left side of the page, select Roles.
- On the Roles page, click Create role.
- On the Create Role page in the AWS Console, select AWS service.
- Select EC2.
- Click Next: Permissions.
- Click Next: Tags.
- Click Next: Review.
- In the Review section, give the role a name.
- Click Create Role.
- On the Roles page, click the role.
- In the Permissions section, click Add inline policy.
- On the Create Policy page, click the JSON tab.
- Delete the current JSON and then paste the policy JSON.
- Click Review policy.
- Under Review policy, name the policy.
- Click Create policy.
- On the Summary page, click the Trust relationships tab.
- Click Edit trust relationship.
- Under Policy Document, paste the JSON snippet into the Statement array. The complete policy document looks like this:

  Policy document, including Statement snippet

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": {
              "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
          },
          {
            "Effect": "Allow",
            "Principal": {
              "AWS": "arn:aws:iam::<trust account ID>:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
              "StringEquals": {
                "sts:ExternalId": "<external ID>"
              }
            }
          }
        ]
      }

- Click Update Trust Policy.
- Copy the role ARN and the instance-profile ARN.
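
After updating the trust policy, it is worth confirming that the cross-account statement still carries the `sts:ExternalId` condition and names only the intended trust account. The following check is an added example, not code from Dremio or AWS; the account ID `111122223333`, the external ID value, and the function name `audit_trust_policy` are constructed stand-ins for the page's `<trust account ID>` and `<external ID>` placeholders.

```python
import json

# Constructed sample: the page's trust policy with placeholder values filled in.
# 111122223333 and "constructed-external-id" are made-up stand-ins.
TRUST_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}
  ]
}
"""

def _as_list(value):
    # IAM allows a single string or a list in most policy fields.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(doc, trust_account, external_id):
    """Return findings (empty list = policy matches the shape shown on the page)."""
    policy = json.loads(doc) if isinstance(doc, str) else doc
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"Statement[{n}]: any principal may assume the role")
            continue
        for svc in _as_list(principal.get("Service", [])):
            if svc != "ec2.amazonaws.com":
                findings.append(f"Statement[{n}]: unexpected service {svc}")
        for arn in _as_list(principal.get("AWS", [])):
            parts = arn.split(":")  # account ID is the fifth ARN field
            account = parts[4] if len(parts) > 4 else arn
            if account != trust_account:
                findings.append(f"Statement[{n}]: unexpected account {account}")
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if _as_list(cond.get("sts:ExternalId", [])) != [external_id]:
                findings.append(f"Statement[{n}]: sts:ExternalId missing or wrong")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(TRUST_POLICY, "111122223333", "constructed-external-id") or "OK")
```

The check only inspects `StringEquals` conditions and statements whose action is exactly `sts:AssumeRole`, which is the shape the page's policy uses.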