AWS Permissions Needed to Create a DynaCenter Instance
Reference Number: AA-00419 Views: 4224 Created: 07-24-2017 11:28 Last Updated: 08-14-2017 11:54

Applies To:

DynaCenter 7.0.0 and later

Background: 

You must have the appropriate AWS permissions to create the DynaCenter instance from a DynaCenter Amazon Machine Image (AMI); this article outlines the required AWS permissions. 

More Information: 

The following article provides information about creating an IAM user:

http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SettingUpUser.html

If you are installing DynaCenter from the AWS Marketplace, see the following article for the appropriate permissions:

https://racemi.host4kb.com/article/AA-00390

If you want to integrate DynaCenter with the AWS Migration Hub, see the following article for the appropriate permissions:

https://racemi.host4kb.com/article/AA-00414

The following article provides information about the permissions needed to configure DynaCenter and migrate servers after the DynaCenter instance is created:

https://racemi.host4kb.com/article/AA-00386

Resolution: 

The following sample policy outlines the minimum permissions needed to create the DynaCenter instance.

Sample Policy

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "Stmt1432040614000",

            "Effect": "Allow",

            "Action": [

                "ec2:AuthorizeSecurityGroupEgress",

                "ec2:AuthorizeSecurityGroupIngress",

                "ec2:CreateKeyPair",

                "ec2:CreateSecurityGroup",

                "ec2:CreateTags",

                "ec2:DeleteSecurityGroup",

                "ec2:DescribeAccountAttributes",

                "ec2:DescribeImages",

                "ec2:DescribeInstances",

                "ec2:DescribeInstanceStatus",

                "ec2:DescribeKeyPairs",

                "ec2:DescribeSecurityGroups",

                "ec2:DescribeSubnets",

                "ec2:DescribeTags",

                "ec2:DescribeVpcs",

                "ec2:RunInstances",

                "ec2:StartInstances",

                "ec2:StopInstances",

                "ec2:TerminateInstances"

            ],

            "Resource": [

                "*"

            ]

        },

        {

            "Sid": "Stmt1458161720000",

            "Effect": "Allow",

            "Action": [

                "iam:CreateAccessKey",

                "iam:CreateInstanceProfile",

                "iam:DeleteAccessKey",

                "iam:ListAccessKeys",

                "iam:ListInstanceProfiles",

                "iam:ListInstanceProfilesForRole",

                "iam:ListRolePolicies",

                "iam:ListRoles",

                "iam:PassRole"

            ],

            "Resource": [

                "*"

            ]

        }

    ]

}