User-based Configuration
Overview
Follow these steps to create a restricted AWS IAM user with the required credentials for performing the installation:
- Creating an AWS IAM User: create a restricted AWS IAM user with the required credentials for performing the installation.
- Creating an AWS IAM Role and Instance Profile: create an AWS instance profile with a restricted IAM role that allows the platform's Amazon Elastic Compute Cloud (EC2) instances to call the AWS API.
Creating an AWS IAM User
When installing the platform, the installation needs the credentials of your AWS account to create the required infrastructure. This page walks you through the steps for creating a restricted AWS IAM user, which has only the minimal set of permissions that are required for the installation. You'll need to provide the credentials of this user as part of the platform installation, as outlined in the platform's AWS cloud installation guide.
Step 1: AWS Login
Log into your AWS Management Console and select the IAM service.
Step 2: Create a New User
In the side navigation menu, select 
Step 3: Set the User's Access Permissions and Name
In the
- In the
User name field, enter the name of the new user (for example, "Provazio" — recommended). - In the
Access type field, check theProgrammatic access option to allow the user only programmatic access.
When you're done, select
Step 4: Create a Policy
Select 
Download the platform IAM policy file $AWS_ACCOUNT_ID instances with your AWS Account ID.
Paste the contents of your selected policy file in the 
Step 5: Create the User
Filter the policies for the name of the policy that you created and select the policy.
Select
Select
Step 6: Save the User Credential
Download and save the credentials of the new user (
Creating an AWS IAM Role and Instance Profile
At times, the platform's EC2 instances need to access the AWS API. For example, to achieve high availability, the instances within a cluster share a single secondary IP address, which is allocated to a specific instance at any given moment. Migrating this secondary IP to another instance requires an AWS API call to update the internal AWS network. To perform an AWS API call, the platform must be authenticated using AWS credentials with the necessary permissions for performing this operation. To allow this, the platform installer needs to receive the name of an AWS instance profile that contains an IAM role with the required permissions.
This guide walks you through the steps for creating the required IAM role for the platform installation, using the AWS Management Console. When using the console to create a role for Amazon EC2, the console automatically creates an instance profile with the same name as the role. You'll need to provide this name as part of the platform installation, as outlined in the platform's AWS cloud installation guide.
Step 1: AWS Login
Log into your AWS Management Console and select the IAM service.
Step 2: Create a New Role
In the side navigation menu, select 
Step 3: Select the AWS EC2 Use Case
Select the 
Step 4: Create a Policy
Select 
Under the 
Step 5: Create the Role
Filter the policies for the name of the policy that you created and select the policy.
Enter "IguazioDataScienceNode" as the role name, optionally add a description, and select