Applies To:
DynaCenter 7.0.0 and later
Background:
You must have the appropriate AWS permissions to create the DynaCenter instance from a DynaCenter Amazon Machine Image (AMI); this article outlines the required AWS permissions.
More Information:
The following article provides information about creating an IAM
user:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SettingUpUser.html
If you are installing DynaCenter from the AWS Marketplace, see the following article for the appropriate permissions:
https://racemi.host4kb.com/article/AA-00390
If you want to integrate DynaCenter with the AWS Migration Hub,
see the following article for the appropriate permissions:
https://racemi.host4kb.com/article/AA-00414
The following article provides information about the permissions needed to configure DynaCenter and migrate servers
after the DynaCenter instance is created:
https://racemi.host4kb.com/article/AA-00386
Resolution:
The following sample policy outlines the minimum permissions needed
to create the DynaCenter instance.
Sample Policy
{
"Version":
"2012-10-17",
"Statement": [
{
"Sid":
"Stmt1432040614000",
"Effect":
"Allow",
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcs",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Resource": [
"*"
]
},
{
"Sid":
"Stmt1458161720000",
"Effect":
"Allow",
"Action": [
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:DeleteAccessKey",
"iam:ListAccessKeys",
"iam:ListInstanceProfiles",
"iam:ListInstanceProfilesForRole",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:PassRole"
],
"Resource": [
"*"
]
}
]
}