Prerequisites for configuring AWS instance

This section describes the prerequisites that you must perform before you configure an AWS instance.

If you are using an IAM user, then do the following:

  1. Login to Amazon Web Services console with the valid user credentials.
  2. You can use the following predefined policy:
    1. ReadOnlyAccess policy

  3. In case, if you do not want to use the predefined policy, then you can create your own policy with limited permissions.

    The Format of Read Only Access policy:

    {
    "Version": "yyyy-mm-dd",
    "Statement": [      
    {
    "Sid": "Statement Id",
    "Effect": "Allow",
    "Action": [  
               "Service1:Permission1",
               "Service2:Permission2"
              ],

    "Resource": [
                  "*"          
                ]      
           }
        ]
    }        

     

    Sample for Read Only Access to Amazon Web Services
    {
    "Version":"2012-10-17",
    "Statement":[     
        {    
    "Sid": "Stmt1433933070000",
    "Effect": "Allow",
    "Action": [
    "apigateway:GET",
    "autoscaling:DescribeAutoScalingGroups",
    "cloudfront:ListDistributions",
    "cloudfront:ListStreamingDistributions",
    "cloudwatch:GetMetricStatistics",
    "cloudwatch:ListMetrics",
    "dynamodb:DescribeTable",
    "dynamodb:ListTables",            
                       "ec2:DescribeInstances",             
                       "ec2:DescribeVolumes",             
                       "elasticache:DescribeCacheClusters",
    "elasticloadbalancing:DescribeLoadBalancers",
    "elasticmapreduce:ListClusters",                  
                       "iam:GetUser",
                       "iot:ListTopicRules",
    "iot:GetTopicRule",                  
                       "lambda:ListFunctions",
    "logs:DescribeLogStreams",
    "logs:FilterLogEvents",
    "opsworks:DescribeInstances",
    "opsworks:DescribeLayers",
    "opsworks:DescribeStacks",                  
    "rds:DescribeDBInstances",             
    "redshift:DescribeClusters",
    "route53:ListHealthChecks",  
    "s3:ListBucket",
                   "s3:ListAllMyBuckets",
                  "s3:GetBucketLocation",
    "sns:ListTopics",
    "sqs:ListQueues",
    "storagegateway:ListGateways"                  
                      ],
    "Resource":[           
                           "*"        
                           ]    
         }             
       ]
    }

Related topics

Configuring-the-KM-in-the-PATROL-Console

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*