Applies To:
DynaCenter Launch
Background:
DynaCenter Launch provides an easy mechanism for configuring DynaCenter after DynaCenter is installed into an Amazon environment.
When you use DynaCenter Launch to configure DynaCenter, you must provide the AWS credentials for an IAM identity that has the appropriate permissions policy to use DynaCenter to migrate servers. The IAM identity can be any of the following:
This article identifies the AWS permissions that must be assigned to the IAM identity.
More Information:
The following article provides information about creating an IAM user:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SettingUpUser.html
The following article provides information about the permissions needed to install DynaCenter from the AWS Marketplace:
https://racemi.host4kb.com/article/AA-00390
The following article provides information about the permissions needed to install DynaCenter from a DynaCenter Amazon Machine Image (AMI):
https://racemi.host4kb.com/article/AA-00419
Resolution:
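The following sample policy outlines the minimum permissions needed to configure DynaCenter using DynaCenter Launch. Every statement in the sample applies to Resource "*". For the IAM statement this means iam:PassRole covers every role in the account, and iam:CreateAccessKey and iam:DeleteAccessKey cover every IAM user. Where your deployment allows, replace "*" in that statement with the ARNs of the specific roles and user that DynaCenter uses, and review CloudTrail for CreateAccessKey and PassRole calls made by this identity.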
Sample Policy
{
"Version":
"2012-10-17",
"Statement": [
{
"Sid":
"Stmt1432040614000",
"Effect":
"Allow",
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateKeyPair",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeyPair",
"ec2:DeleteNetworkInterface",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteSubnet",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeHosts",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:GetConsoleOutput",
"ec2:GetPasswordData",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Resource": [
"*"
]
},
{
"Sid":
"Stmt1458161720000",
"Effect":
"Allow",
"Action": [
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:ListAccessKeys",
"iam:ListInstanceProfilesForRole",
"iam:ListRoles",
"iam:PassRole"
],
"Resource": [
"*"
]
},
{
"Sid":
"Stmt1458161810000",
"Effect":
"Allow",
"Action": [
"cloudwatch:DescribeAlarms"
],
"Resource": [
"*"
]
},
{
"Sid":
"Stmt1458235190000",
"Effect":
"Allow",
"Action": [
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Resource": [
"*"
]
}
]
}