Create an IAM Role and Policy

Create an IAM role and Policy to allow Incorta EC2 instance to access S3 bucket to be used for backup and restore.

  1. Go to this link: https://console.aws.amazon.com/. aws_image27

  2. Select Policies. aws_image9

  3. Select Create Policy. aws_image4

  4. Select service S3. aws_image38

  5. Select Resources to add bucket name. aws_image40 aws_image22

  6. Select Review policy. aws_image15

  7. Select Create Policy
    aws_image41 Sample JSON code:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "s3:PutAnalyticsConfiguration",
                    "s3:GetObjectVersionTagging",
                    "s3:CreateBucket",
                    "s3:ReplicateObject",
                    "s3:GetObjectAcl",
                    "s3:DeleteBucketWebsite",
                    "s3:PutLifecycleConfiguration",
                    "s3:GetObjectVersionAcl",
                    "s3:PutObjectTagging",
                    "s3:DeleteObject",
                    "s3:DeleteObjectTagging",
                    "s3:GetBucketPolicyStatus",
                    "s3:GetBucketWebsite",
                    "s3:PutReplicationConfiguration",
                    "s3:DeleteObjectVersionTagging",
                    "s3:GetBucketNotification",
                    "s3:PutBucketCORS",
                    "s3:GetReplicationConfiguration",
                    "s3:ListMultipartUploadParts",
                    "s3:GetObject",
                    "s3:PutBucketNotification",
                    "s3:PutObject",
                    "s3:PutBucketLogging",
                    "s3:GetAnalyticsConfiguration",
                    "s3:GetObjectVersionForReplication",
                    "s3:GetLifecycleConfiguration",
                    "s3:ListBucketByTags",
                    "s3:GetBucketTagging",
                    "s3:GetInventoryConfiguration",
                    "s3:PutAccelerateConfiguration",
                    "s3:DeleteObjectVersion",
                    "s3:GetBucketLogging",
                    "s3:ListBucketVersions",
                    "s3:ReplicateTags",
                    "s3:RestoreObject",
                    "s3:GetAccelerateConfiguration",
                    "s3:ListBucket",
                    "s3:GetBucketPolicy",
                    "s3:PutEncryptionConfiguration",
                    "s3:GetEncryptionConfiguration",
                    "s3:GetObjectVersionTorrent",
                    "s3:AbortMultipartUpload",
                    "s3:GetBucketRequestPayment",
                    "s3:PutBucketTagging",
                    "s3:GetObjectTagging",
                    "s3:GetMetricsConfiguration",
                    "s3:DeleteBucket",
                    "s3:PutBucketVersioning",
                    "s3:GetBucketPublicAccessBlock",
                    "s3:ListBucketMultipartUploads",
                    "s3:PutMetricsConfiguration",
                    "s3:PutObjectVersionTagging",
                    "s3:GetBucketVersioning",
                    "s3:GetBucketAcl",
                    "s3:PutInventoryConfiguration",
                    "s3:GetObjectTorrent",
                    "s3:PutBucketRequestPayment",
                    "s3:PutBucketWebsite",
                    "s3:GetBucketCORS",
                    "s3:GetBucketLocation",
                    "s3:GetObjectVersion",
                    "s3:ReplicateDelete"
                ],
                "Resource": "arn:aws:s3:::incorta-ami-backup"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": [
                    "s3:GetAccountPublicAccessBlock",
                    "s3:ListAllMyBuckets",
                    "s3:HeadBucket"
                ],
                "Resource": "*"
            }
        ]
  8. Select Role. aws_image3

  9. Select Create Role. aws_image12

  10. Select EC2 service, then Next. aws_image25

  11. Select the policy you created, then Next: Tags. aws_image20

  12. Select Next. aws_image1

  13. Select Create role. aws_image30

You created an IAM role. aws_image36