Creating an IAM role for the Administration Server
Before you deploy the Administration Server, in the AWS Management Console create an IAM role with permissions required for installation of applications on instances. For more details, see AWS Help sections about IAM roles.
To create an IAM role for the Administration Server:
- Open the AWS Management Console and log in under your AWS account.
- Proceed to the Roles section.
- Click the Create Role button.
- In the list of services that appears, select EC2 and then in the Select Your Use Case list select EC2 again.
- Click the Next: Permissions button.
- In the list that opens, select the following check box(es):
- Next to AmazonEC2ReadOnlyAccess, if you plan to only run cloud segment polling and do not plan to install applications on EC2 instances using AWS API.
- Next to AmazonEC2ReadOnlyAccess and AmazonSSMFullAccess, if you plan to run cloud segment polling and install applications on EC2 instances using AWS API. In this case, you will also need to assign an IAM role with the AmazonEC2RoleforSSM permission to the protected EC2 instances.
- Click the Next: Review button.
- Enter a name and a description for the IAM role and click the Create role button (see the figure below).
The role that you created appears in the list of roles with the name and description that you entered.
Creating an IAM role in AWS Management Console
You will need to assign this role to the EC2 instance that you will use as the Administration Server.
The newly created role is available for all applications on the Administration Server. Therefore, any application running on the Administration Server has the capability to poll cloud segments or install applications on EC2 instances within a cloud segment.
The addresses of web pages cited in this document are correct as of the Kaspersky Security Center release date.