Create IAM resources using AWS console
Self-managed AWS accounts are deprecated, so this article has been archived.
To manually create IAM resources using the AWS console, follow these steps.
Step 1: Create the IAM instance policy
First, create a policy to use for the new instance role:
In the AWS IAM console, go to Policies > Create policy.
In the JSON tab, paste the contents of the RedisLabsInstanceRolePolicy.json policy file, shown here:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EC2",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EC2Tagged",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:DeleteSecurityGroup",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupIngress"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC"
        }
      }
    },
    {
      "Sid": "EBSVolumeActions",
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:CreateVolume",
        "ec2:CreateTags",
        "ec2:DescribeTags"
      ],
      "Resource": "*"
    },
    {
      "Sid": "S3Object",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "*"
    },
    {
      "Sid": "IAM",
      "Effect": "Allow",
      "Action": [
        "iam:GetPolicy",
        "iam:ListPolicies"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ResourceAccessManagerActions",
      "Effect": "Allow",
      "Action": [
        "ram:AcceptResourceShareInvitation",
        "ram:GetResourceShares",
        "ram:RejectResourceShareInvitation",
        "ram:GetResourceShareInvitations",
        "ram:DisassociateResourceShare"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CreateAndChangeServiceLinkedRoleForTransitGateway",
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam::*:role/aws-service-role/transitgateway.amazonaws.com/AWSServiceRoleForVPCTransitGateway*",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": "transitgateway.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:AttachRolePolicy",
        "iam:PutRolePolicy"
      ],
      "Resource": "arn:aws:iam::*:role/aws-service-role/transitgateway.amazonaws.com/AWSServiceRoleForVPCTransitGateway*"
    }
  ]
}
```
Validate it and then select Review Policy.
Enter RedisLabsInstanceRolePolicy as the policy name and then select Create Policy.
Step 2: Create the service role
To create the role that uses the policy:
- In the AWS IAM console, go to Roles and click Create Role.
- Select AWS Service as the trusted entity, EC2 as the service and use case, and click Next: Permissions.
- Enter RedisLabsInstanceRolePolicy in the search box to look up the policy we just created, select it, and click Next: Review.
- Name the role redislabs-cluster-node-role and click Create Role.
Step 3: Create the user policy
Now create a policy to assign to the user:
In the AWS IAM console, go to Policies > Create policy.
In the JSON tab, paste the contents of the RedisLabsIAMUserRestrictedPolicy.json policy file.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Ec2DescribeAll",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "CloudWatchReadOnly",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:Describe*",
        "cloudwatch:Get*",
        "cloudwatch:List*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "IamUserOperations",
      "Effect": "Allow",
      "Action": [
        "iam:GetUser",
        "iam:GetUserPolicy",
        "iam:ChangePassword"
      ],
      "Resource": "arn:aws:iam::*:user/${aws:username}"
    },
    {
      "Sid": "RolePolicyUserReadActions",
      "Action": [
        "iam:GetRole",
        "iam:GetPolicy",
        "iam:ListUsers",
        "iam:ListPolicies",
        "iam:ListRolePolicies",
        "iam:ListAttachedRolePolicies",
        "iam:ListInstanceProfiles",
        "iam:ListInstanceProfilesForRole",
        "iam:SimulatePrincipalPolicy"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "KeyPairActions",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateKeyPair",
        "ec2:DeleteKeyPair",
        "ec2:ImportKeyPair"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CreateInstancesSnapshotsVolumesAndTags",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVolume",
        "ec2:AttachVolume",
        "ec2:StartInstances",
        "ec2:RunInstances",
        "ec2:CreateSnapshot",
        "ec2:CreateTags",
        "ec2:ModifyInstanceAttribute"
      ],
      "Resource": "*"
    },
    {
      "Sid": "PassRlClusterNodeRole",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::*:role/redislabs-cluster-node-role"
    },
    {
      "Sid": "NetworkAccess",
      "Effect": "Allow",
      "Action": [
        "ec2:*Vpc*",
        "ec2:*VpcPeering*",
        "ec2:*Subnet*",
        "ec2:*Gateway*",
        "ec2:*Vpn*",
        "ec2:*Route*",
        "ec2:*Address*",
        "ec2:*SecurityGroup*",
        "ec2:*NetworkAcl*",
        "ec2:*DhcpOptions*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DeleteInstancesVolumesSnapshotsAndTagsWithIdentiferTag",
      "Effect": "Allow",
      "Action": [
        "ec2:RebootInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:DeleteVolume",
        "ec2:DeleteSnapshot",
        "ec2:DetachVolume",
        "ec2:DeleteTags"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC"
        }
      }
    },
    {
      "Sid": "Support",
      "Effect": "Allow",
      "Action": "support:*",
      "Resource": "*"
    }
  ]
}
```
Validate the policy and click Review Policy.
Enter RedislabsIAMUserRestrictedPolicy as the policy name and click Create Policy.
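Before attaching a policy this broad, it helps to see which statements are bounded by a resource ARN or the RedisLabsIdentifier tag condition and which are not. The following is an added example, not part of the original article or Redis tooling: the function names, labels, and the read-verb heuristic are assumptions, and the embedded policy is a constructed excerpt of the statements above.

```python
import json

# Constructed excerpt: five statements copied from the user policy above,
# with the action lists of two statements shortened.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Sid": "Ec2DescribeAll", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
 {"Sid": "PassRlClusterNodeRole", "Effect": "Allow", "Action": "iam:PassRole",
  "Resource": "arn:aws:iam::*:role/redislabs-cluster-node-role"},
 {"Sid": "NetworkAccess", "Effect": "Allow",
  "Action": ["ec2:*Vpc*", "ec2:*SecurityGroup*", "ec2:*Route*"], "Resource": "*"},
 {"Sid": "DeleteInstancesVolumesSnapshotsAndTagsWithIdentiferTag", "Effect": "Allow",
  "Action": ["ec2:TerminateInstances", "ec2:DeleteVolume", "ec2:DeleteTags"],
  "Resource": "*",
  "Condition": {"StringEquals": {"ec2:ResourceTag/RedisLabsIdentifier": "Redislabs-VPC"}}},
 {"Sid": "Support", "Effect": "Allow", "Action": "support:*", "Resource": "*"}
]}
""")

# Heuristic (assumption): actions whose name starts with these verbs only read.
READ_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """True only if the part after 'service:' starts with a read verb, so
    'ec2:Describe*' is read-only but 'ec2:*Vpc*' and 'support:*' are not."""
    _, _, name = action.partition(":")
    return name.startswith(READ_PREFIXES)

def classify(stmt):
    """Label how an Allow statement is bounded."""
    if stmt.get("Effect") != "Allow":
        return "not-allow"
    if "*" not in as_list(stmt.get("Resource", "*")):
        return "resource-scoped"
    cond_keys = [k for op in stmt.get("Condition", {}).values() for k in op]
    if any("ResourceTag/" in k for k in cond_keys):
        return "tag-scoped"
    if cond_keys:
        return "condition-scoped"
    actions = as_list(stmt.get("Action", []))
    if actions and all(is_read_only(a) for a in actions):
        return "read-only"
    return "unscoped-write"

def audit(policy):
    """Map each statement's Sid (or its index) to a classification."""
    return {s.get("Sid", f"#{i}"): classify(s)
            for i, s in enumerate(as_list(policy["Statement"]))}

if __name__ == "__main__":
    for sid, label in audit(POLICY).items():
        print(f"{label:16} {sid}")
```

Statements labelled unscoped-write apply to every matching resource in the account, not only those tagged Redislabs-VPC.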
Step 4: Create the programmatic access user
Create a user and attach the policy you created:
- In the AWS IAM console, go to Users > select Add user.
- Name it redislabs-user and check only the Programmatic access checkbox.
- Click Next: Permissions.
- Select Attach existing policies directly and select RedislabsIAMUserRestrictedPolicy from the list.
- Click Next: Review.
- Click Create user.
- Download the user credentials and store them in a secure location.
Step 5: Create the console access role
Last, create a role and attach the policy you created:
- In the AWS IAM console, go to Roles > select Create role.
- Select Another AWS account.
- Under Account ID, enter account number 168085023892 (Redis Cloud’s AWS account).
- Under Options, check the Require MFA checkbox only. Do not check Require external ID.
- Click Next: Permissions.
- Attach the policy RedisLabsIAMUserRestrictedPolicy to the role.
- Click Next: Review.
- Name the role redislabs-role and then click Create role.
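After the role exists, its trust policy can be checked against the choices made in step 5: only account 168085023892 as principal, MFA required, no external ID. The following is an added example, not part of the original article; the function names are assumptions, and both trust policies are constructed samples (the first assumes the usual cross-account shape with an aws:MultiFactorAuthPresent condition).

```python
import json

REDIS_CLOUD_ACCOUNT = "168085023892"  # account ID entered in step 5

# Constructed sample: a trust policy of the shape expected after step 5
# (assumption: cross-account principal plus an MFA condition).
EXPECTED = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::168085023892:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}
]}
""")

# Constructed sample: any AWS principal may assume the role, with no MFA.
MISCONFIGURED = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}
]}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    if len(parts) >= 6 and parts[:3] == ["arn", "aws", "iam"]:
        return parts[4]
    return None

def check_trust(policy, account=REDIS_CLOUD_ACCOUNT):
    """Return findings where the trust policy differs from the step 5 setup."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # handles "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS" or account_of(p) != account:
                    findings.append(f"unexpected principal {kind}:{p}")
        # Condition operators and keys are compared case-insensitively here.
        cond = {op.lower(): {k.lower(): v for k, v in keys.items()}
                for op, keys in stmt.get("Condition", {}).items()}
        mfa = cond.get("bool", {}).get("aws:multifactorauthpresent")
        if [str(v).lower() for v in as_list(mfa)] != ["true"]:
            findings.append("MFA not required")
        if any("sts:externalid" in keys for keys in cond.values()):
            findings.append("external ID condition present")
    return findings

if __name__ == "__main__":
    for name, doc in (("expected", EXPECTED), ("misconfigured", MISCONFIGURED)):
        print(name, check_trust(doc) or "ok")
```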