AWS Permissions Needed to Integrate DynaCenter with AWS Migration Hub
Reference Number: AA-00414 Created: 03-29-2017 10:55 Last Updated: 08-15-2017 13:15

Applies To:

DynaCenter 7.0.0 and later

Background: 

DynaCenter can integrate with the AWS Migration Hub, which provides a mechanism for tracking server workload migrations. To integrate DynaCenter with the AWS Migration Hub, you must assign an IAM role with the appropriate AWS permissions to the DynaCenter instance, that is, the DynaCenter Management Workstation (MWS).

Note: Currently, the AWS Migration Hub is only available in the us-west-2 (Oregon) region; while you can migrate to any region, the migration status will always be sent to, and stored in, the us-west-2 (Oregon) region.

More Information: 

The following topic provides information about creating an IAM role when creating the DynaCenter instance from the AWS Marketplace:

https://docs.racemi.com/Content/Amazon/InstallMarketplaceEC2/Prerequisites.htm#IAMRole

The following topic provides information about creating an IAM role when creating the DynaCenter instance from an Amazon Machine Image (AMI):

https://docs.racemi.com/Content/Amazon/InstallScenario1EC2/PrerequisitesInstallation.htm#MigrationHub

Resolution: 

The following sample policy outlines the minimum permissions needed to integrate DynaCenter with the AWS Migration Hub:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "mgh:AssociateCreatedArtifact",
                "mgh:CreateProgressUpdateStream",
                "mgh:ImportMigrationTask",
                "mgh:ListDiscoveredResources",
                "mgh:NotifyMigrationTaskState",
                "mgh:PutResourceAttributes"
            ],
            "Resource": "arn:aws:mgh:us-west-2:<account_number>:*"
        }
    ]
}
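
An added example, not part of the original article or of DynaCenter: a small Python check that compares a policy document intended for the MWS role against the six-action minimum above and reports anything broader, missing, or scoped outside us-west-2. The function names and the account ID 123456789012 are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# The six actions from the sample policy above (IAM action names are case-insensitive).
REQUIRED = {a.lower(): a for a in (
    "mgh:AssociateCreatedArtifact", "mgh:CreateProgressUpdateStream", "mgh:ImportMigrationTask",
    "mgh:ListDiscoveredResources", "mgh:NotifyMigrationTaskState", "mgh:PutResourceAttributes")}
REGION = "us-west-2"  # region the article says Migration Hub status is stored in


def as_list(value):
    """Action and Resource may each be a single string or a list."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_policy(policy_json):
    """Return sorted findings; an empty list means the policy matches the minimum."""
    findings, granted = [], set()
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("Allow with NotAction/NotResource is broader than the minimum")
        for action in as_list(stmt.get("Action")):
            name = action.lower()
            if "*" in name or "?" in name:
                findings.append(f"wildcard action: {action}")
                granted |= {r for r in REQUIRED if fnmatchcase(r, name)}
            elif name in REQUIRED:
                granted.add(name)
            else:
                findings.append(f"extra action: {action}")
        for res in as_list(stmt.get("Resource")):
            parts = res.split(":", 5)  # arn:partition:service:region:account:resource
            if len(parts) < 6 or parts[2] != "mgh" or parts[3] != REGION:
                findings.append(f"resource not scoped to mgh in {REGION}: {res}")
            elif not (parts[4].isdigit() and len(parts[4]) == 12):
                findings.append(f"resource lacks a 12-digit account id: {res}")
    findings += [f"missing action: {REQUIRED[a]}" for a in REQUIRED.keys() - granted]
    return sorted(findings)


# Constructed inputs: a broad policy, and a narrow one with a placeholder account id.
BROAD = '{"Statement": {"Effect": "Allow", "Action": "mgh:*", "Resource": "*"}}'
NARROW = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": sorted(REQUIRED.values()), "Resource": f"arn:aws:mgh:{REGION}:123456789012:*"}]})
```

Calling `audit_policy` on the sample policy with `<account_number>` still unfilled returns a single finding about the account ID, which makes it usable as a pre-deployment check.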