...
Open your AWS Web Console and log in
Go to IAM - Roles
Click on Create role
Select AWS Service as the Entity Type and EC2 as the Use Case and click Next
On the permissions page, click on Create policy
Select the JSON tab and paste the following template (also available at https://blueprinttechnologies.atlassian.net/wiki/spaces/BLMPD/pages/2615738369/Single+AWS+Account+access+policies+for+LHM#Final-template-for-IAM-Role-for-Lakehouse-Monitor-App-EC2-VM), replacing the placeholders for account IDs, bucket names and paths for Billable Usages Log Delivery with the required information (e.g. your AWS Account ID):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BplmCostReader",
      "Effect": "Allow",
      "Action": "ce:GetCostAndUsage",
      "Resource": "*"
    },
    {
      "Sid": "BplmSecretsReader",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}"
    },
    {
      "Sid": "BplmDynamoPolicy",
      "Effect": "Allow",
      "Action": [
        "dynamodb:CreateTable",
        "dynamodb:UpdateTimeToLive",
        "dynamodb:DescribeTable",
        "dynamodb:Scan",
        "dynamodb:Query"
      ],
      "Resource": [
        "arn:aws:dynamodb:*:{AWS Account ID}:table/*bplm*"
      ]
    },
    {
      "Sid": "BplmSqsPolicy",
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:GetQueueUrl",
        "sqs:ReceiveMessage",
        "sqs:CreateQueue"
      ],
      "Resource": [
        "arn:aws:sqs:*:{AWS Account ID}:*bplm*"
      ]
    }
  ]
}
On the Review page, give the policy a name and click Create policy. Then finish creating the IAM role by attaching the new policy, giving the role a name and clicking Create role.
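Before pasting the rendered JSON into the console, it is worth checking that every placeholder was actually replaced and that the statements stay as narrow as the template intends. The script below is an added example, not part of the original page or of the Lakehouse Monitor product: it fills the placeholders, refuses a malformed account id, and flags unreplaced placeholders, wildcard actions, and a Resource of "*" on anything other than ce:GetCostAndUsage (Cost Explorer actions have no resource-level permissions, so "*" is unavoidable there). The account id and secret name in the usage lines are constructed values.

```python
import json
import re

# Policy template from the steps above, placeholders left in place.
TEMPLATE = """{"Version": "2012-10-17", "Statement": [
 {"Sid": "BplmCostReader", "Effect": "Allow", "Action": "ce:GetCostAndUsage", "Resource": "*"},
 {"Sid": "BplmSecretsReader", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
  "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}"},
 {"Sid": "BplmDynamoPolicy", "Effect": "Allow",
  "Action": ["dynamodb:CreateTable", "dynamodb:UpdateTimeToLive", "dynamodb:DescribeTable",
             "dynamodb:Scan", "dynamodb:Query"],
  "Resource": ["arn:aws:dynamodb:*:{AWS Account ID}:table/*bplm*"]},
 {"Sid": "BplmSqsPolicy", "Effect": "Allow",
  "Action": ["sqs:DeleteMessage", "sqs:GetQueueUrl", "sqs:ReceiveMessage", "sqs:CreateQueue"],
  "Resource": ["arn:aws:sqs:*:{AWS Account ID}:*bplm*"]}]}"""

# Actions with no resource-level permissions, where "Resource": "*" is the only option.
RESOURCE_STAR_OK = {"ce:GetCostAndUsage"}
PLACEHOLDER = re.compile(r"\{[^{}]+\}")


def render(template: str, account_id: str, secret_name: str) -> dict:
    """Fill the placeholders and parse the result; reject a malformed account id."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account id must be exactly 12 digits")
    filled = template.replace("{AWS Account ID}", account_id)
    filled = filled.replace("{SecretNameHere}", secret_name)
    return json.loads(filled)


def audit(policy: dict) -> list:
    """Return least-privilege findings; an empty list means the policy passes."""
    findings = []
    for stmt in policy["Statement"]:
        sid = stmt.get("Sid", "<no Sid>")
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        for value in actions + resources:
            if PLACEHOLDER.search(value):
                findings.append(f"{sid}: unreplaced placeholder in {value!r}")
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action!r}")
        if "*" in resources and not set(actions) <= RESOURCE_STAR_OK:
            findings.append(f"{sid}: Resource '*' on actions that support resource scoping")
    return findings


if __name__ == "__main__":
    print(audit(json.loads(TEMPLATE)))  # unrendered template: three placeholder findings
    print(audit(render(TEMPLATE, "123456789012", "bplm/app")))  # constructed values -> []
```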