Creating an IAM role for the Administration Server
Nov 27, 2023
Before you deploy the Administration Server, in the AWS Management Console create an IAM role with permissions required for installation of applications on instances. For more details, see AWS Help sections about IAM roles.
To create an IAM role for the Administration Server:
- Open the AWS Management Console and log in under your AWS account.
- In the Roles section, create a role with the following permissions:
- AmazonEC2ReadOnlyAccess, if you plan to only run cloud segment polling and do not plan to install applications on EC2 instances using AWS API.
- AmazonEC2ReadOnlyAccess and AmazonSSMFullAccess, if you plan to run cloud segment polling and install applications on EC2 instances using AWS API. In this case, you will also need to assign an IAM role with the AmazonEC2RoleforSSM permission to the protected EC2 instances.
You will need to assign this role to the EC2 instance that you will use as the Administration Server.
The newly created role is available for all applications on the Administration Server. Therefore, any application running on the Administration Server has the capability to poll cloud segments or install applications on EC2 instances within a cloud segment.
The addresses of web pages cited in this document are correct as of the Kaspersky Security Center release date.