Versions Compared

Old Version 3

changes.mady.by.user Ciprian LUCACI

Saved on

compared with

New Version 4

changes.mady.by.user Vladimir Tikhonov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open your AWS Web Console and log in

  2. Go to IAM - Roles

  3. Click on Create role

  4. Select AWS Service as the Entity Type and EC2 as the Use Case and click Next

  5. On the permissions page, click on Create policy

  6. Select the JSON tab and paste the following https://blueprinttechnologies.atlassian.net/wiki/spaces/BLMPD/pages/2615738369/Single+AWS+Account+access+policies+for+LHM#Final-template-for-IAM-Role-for-Lakehouse-Monitor-App-EC2-VM template, replacing the placeholders for account ids, bucket names and paths for Billable Usages Log Delivery (please fill in the gaps as per the required information (e.g AWS Account ID)

    Code Block{ "Version": "2012-10-17", "Statement": [ { "Sid": "BplmCostReader", "Effect": "Allow", "Action": "ce:GetCostAndUsage", "Resource": "*" }, { "Sid": "BplmSecretsReader", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}" }, { "Sid": "BplmDynamoPolicy", "Effect": "Allow", "Action": [ "dynamodb:CreateTable", "dynamodb:UpdateTimeToLive", "dynamodb:DescribeTable", "dynamodb:Scan", "dynamodb:Query" ], "Resource": [ "arn:aws:dynamodb:*:{AWS account ID}:table/*bplm*" ] }, { "Sid": "BplmSqsPolicy", "Effect": "Allow", "Action": [ "sqs:DeleteMessage", "sqs:GetQueueUrl", "sqs:ReceiveMessage", "sqs:CreateQueue" ], "Resource": [ "arn:aws:sqs:*:{AWS account ID}:*bplm*" ] } ] }

    )

  7. On the Review page, give your role a name and click Create Policy, and finish creating the IAM Role by giving the role a name and clicking Create role