Skip to end of metadata
Go to start of metadata

About IAM

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. 

SoftNAS recommends use of an Identity and Access Management (IAM) when creating your SoftNAS instance. You will need to create both an IAM Policy and IAM Role for use with your SoftNAS instance.

Creating the IAM Policy for SoftNAS Cloud®

To create an IAM Policy for use with SoftNAS Cloud you will need to use the AWS IAM Console at https://console.aws.amazon.com/iam/home#/home or search for IAM in the AWS services from the AWS Console home.

1. To create the custom policy, click Policies from within the navigation pane.


2. Select Create Policy.



3. On the Create Policy screen, click the JSON option.

4. Delete the text in the JSON Editor.


4.  Copy the JSON text shown under IAM Role Policy below, and paste it into the AWS JSON editor and then click “Review policy” at the bottom of the page.

IAM Role Policy


{

  "Version": "2012-10-17",

  "Statement": [

    {

      "Sid": "Stmt1444200186000",

      "Effect": "Allow",

      "Action": [

        "ec2:ModifyInstanceAttribute",

        "ec2:DescribeInstances",

        "ec2:CreateVolume",

        "ec2:DeleteVolume",

        "ec2:CreateSnapshot",

        "ec2:DeleteSnapshot",

        "ec2:CreateTags",

        "ec2:DeleteTags",

        "ec2:AttachVolume",

        "ec2:DetachVolume",

        "ec2:DescribeInstances",

        "ec2:DescribeVolumes",

        "ec2:DescribeSnapshots",
 

        "aws-marketplace:MeterUsage",


        "ec2:DescribeRouteTables",

        "ec2:DescribeAddresses",

        "ec2:DescribeTags",

        "ec2:DescribeInstances",

        "ec2:ModifyNetworkInterfaceAttribute",

        "ec2:ReplaceRoute",

        "ec2:CreateRoute",

        "ec2:DeleteRoute",

        "ec2:AssociateAddress",

        "ec2:DisassociateAddress",

 

        "s3:CreateBucket",

        "s3:Delete*",

        "s3:Get*",

        "s3:List*",

        "s3:Put*"

      ],

      "Resource": [

        "*"

      ]

    }

  ]

}




5. Enter a “Name” and “Description” for your policy and click “Create policy”.

Note: The IAM Policy name created should be SoftNAS_DISK_IAM for general deployments, and SoftNAS_HA_IAM for HA deployments. 


6. Your IAM Policy for use with SoftNAS should now be created.


Creating an IAM Role for use with SoftNAS

To create an IAM Role for use with SoftNAS Cloud and a previously created IAM Policy, you will need to use the AWS IAM Console at https://console.aws.amazon.com/iam/home#/home or search for IAM in the AWS services from the AWS Console home.


  1. From within the IAM Console, from the navigation pane, click Roles, and then click Create Role.




  2. Select EC2 as the service for this role by clicking the “EC2” service and then click “Next: Permissions” at the bottom of the page.



  3. Attach the permissions policy that you previous created for use with SoftNAS by checking the check box next to that policy, and then click “Next: Review”.




  4. Give your new role a “Role name” and “Role description” and then click “Create role”.




  5.  Your new SoftNAS role should now be created.




    This role can be used later when launching your SoftNAS Cloud AWS instance.