Below you will find the steps you need to take in order to create the AWS IAM Role needed by the LHO application. LHO needs this IAM role with these permissions set so it can access the Amazon Secret, Amazon DynamoDB and Amazon SQS, and also gather AWS cost data on the resources being monitored.

  1. Open your AWS Web Console and log in.

  2. Go to IAM - Roles.

  3. Click on Create role.

  4. Select AWS Service as the Entity Type and EC2 as the Use Case and click Next.

  5. On the Permissions page, click on Create policy.

  6. Select the JSON tab and paste the following template (https://blueprinttechnologies.atlassian.net/wiki/spaces/BLMPD/pages/2615738369/Single+AWS+Account+access+policies+for+LHM#Final-template-for-IAM-Role-for-Lakehouse-Monitor-App-EC2-VM), replacing the placeholders for account IDs, bucket names and paths for Billable Usages Log Delivery. Fill in the gaps with the required information (e.g. AWS Account ID):

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "BplmCostReader",
                "Effect": "Allow",
                "Action": "ce:GetCostAndUsage",
                "Resource": "*"
            },
            {
                "Sid": "BplmSecretsReader",
                "Effect": "Allow",
                "Action": "secretsmanager:GetSecretValue",
                "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}"
            },
            {
                "Sid": "BplmDynamoPolicy",
                "Effect": "Allow",
                "Action": [
                    "dynamodb:CreateTable",
                    "dynamodb:UpdateTimeToLive",
                    "dynamodb:DescribeTable",
                    "dynamodb:Scan",
                    "dynamodb:Query"
                ],
                "Resource": [
                    "arn:aws:dynamodb:*:{AWS account ID}:table/*bplm*"
                ]
            },
            {
                "Sid": "BplmSqsPolicy",
                "Effect": "Allow",
                "Action": [
                    "sqs:DeleteMessage",
                    "sqs:GetQueueUrl",
                    "sqs:ReceiveMessage",
                    "sqs:CreateQueue"
                ],
                "Resource": [
                    "arn:aws:sqs:*:{AWS account ID}:*bplm*"
                ]
            }
        ]
    }

  7. On the Review page, give your role a name and click Create Policy, and finish creating the IAM Role by giving the role a name and clicking Create role.
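
Before pasting the filled-in JSON in step 6, it helps to confirm that no template placeholder is left and to see which statements remain wildcard-scoped. The following check is an added example, not part of the product or its documentation; the names `lint_policy` and `SAMPLE`, the secret name `lho-secret` and the account ID `111122223333` are constructed for illustration.

```python
import json
import re

PLACEHOLDER = re.compile(r"\{[^{}]*\}")   # template gaps such as {AWS Account ID}
ACCOUNT_ID = re.compile(r"\d{12}")


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def lint_policy(policy_text):
    """Return (Sid, resource, finding) tuples for a filled-in policy document."""
    findings = []
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        sid = stmt.get("Sid", "<no Sid>")
        for res in as_list(stmt.get("Resource", [])):
            if PLACEHOLDER.search(res):
                findings.append((sid, res, "placeholder not replaced"))
                continue
            if res == "*":
                findings.append((sid, res, "applies to all resources"))
                continue
            parts = res.split(":", 5)  # arn:partition:service:region:account:resource
            if len(parts) < 6 or parts[0] != "arn":
                findings.append((sid, res, "not a well-formed ARN"))
                continue
            if not ACCOUNT_ID.fullmatch(parts[4]):
                findings.append((sid, res, "account field is not a 12-digit ID"))
            if "*" in parts[5]:
                findings.append((sid, res, "wildcard in resource name"))
    return findings


# Constructed sample: two statements from the template, one gap left unfilled.
SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BplmSecretsReader", "Effect": "Allow",
         "Action": "secretsmanager:GetSecretValue",
         "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:lho-secret"},
        {"Sid": "BplmSqsPolicy", "Effect": "Allow",
         "Action": ["sqs:GetQueueUrl", "sqs:ReceiveMessage"],
         "Resource": ["arn:aws:sqs:*:111122223333:*bplm*"]},
    ],
})

if __name__ == "__main__":
    for sid, res, finding in lint_policy(SAMPLE):
        print(f"{sid}: {finding}: {res}")
```

Run against the template as published, the `"*"` resource on `BplmCostReader` and the `*bplm*` name patterns are reported as wildcard findings; a "placeholder not replaced" finding means the policy is not ready to paste.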
