Change AWS authentication from credential based to role based

The following example steps show how to change a cloud account from credential-based authentication to role-based authentication:

Steps

  1. In the Edit Cloud Account page, select Role based.
  2. Log in to the AWS Management Console.
  3. Complete the following steps to create a role:
    1. In the navigation pane of the IAM console, select Roles, and then click Create role.
    2. Select the type of trusted entity as Another AWS Account.
    3. Copy the Trusted Account number from Cloud Snapshot Manager and paste it in the Account ID field of the console.
    4. In Options, select Require external ID.
      Do not select Require MFA.
    5. Copy the External ID value from Cloud Snapshot Manager to the External ID field of the console, and then click Next: Permissions.
    6. Click Next: Tags.
    7. Click Next: Review.
    8. Enter a unique role name, review the role, and click Create role.
    9. Search for the new role and copy the role ARN value.
  4. Complete the following steps to create a policy:
    1. Copy content from AWS minimum permission policy.
      For details about each AWS permission and how it is used by Cloud Snapshot Manager, see AWS permission usage.
    2. In the navigation pane of the IAM console, select Policies, and then click Create policy.
    3. Select the JSON tab, and paste the copied content from the portal.
    4. Click Review policy.
    5. Enter a policy name and click Create policy.
  5. Associate the policy with the role using the following steps:
    1. Search for the role in the Roles page and click on it.
    2. Under the Permissions tab, click Attach Policies and search for the newly created policy.
    3. Select the policy and click Next: Review.
    4. Click Attach Policy.
  6. Paste the role ARN value for the newly created role in the corresponding field in Cloud Snapshot Manager.
  7. Click Save.
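
Before pasting the role ARN in step 6, the role's trust policy can be checked against what step 3 configures: only the Trusted Account as principal, an external ID condition, and no MFA requirement. The following Python is an added example, not part of the original documentation or of Cloud Snapshot Manager; the account number, external ID and sample policy are constructed placeholders, and `audit_trust_policy` is a hypothetical helper name.

```python
import json

# Constructed placeholders; substitute the Trusted Account number and
# External ID displayed in Cloud Snapshot Manager.
TRUSTED_ACCOUNT = "111122223333"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

# Constructed sample of the trust policy that step 3 should produce.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
})


def _as_list(value):
    # IAM policy fields may hold either a single value or a list.
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, trusted_account, external_id):
    """Return findings; an empty list means the policy matches step 3."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    allows = [s for s in statements if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action", []))]
    if not allows:
        return ["no Allow statement for sts:AssumeRole"]
    expected = {trusted_account, f"arn:aws:iam::{trusted_account}:root"}
    findings = []
    for stmt in allows:
        principal = stmt.get("Principal", {})
        # Flatten every principal type (AWS, Service, ...) into one list.
        names = ([p for v in principal.values() for p in _as_list(v)]
                 if isinstance(principal, dict) else [principal])
        if not names or any(p not in expected for p in names):
            findings.append(f"principal is not only the trusted account: {names}")
        cond = stmt.get("Condition", {})
        if _as_list(cond.get("StringEquals", {}).get("sts:ExternalId", [])) != [external_id]:
            findings.append("sts:ExternalId condition missing or not the expected value")
        if any(k.lower() == "aws:multifactorauthpresent" for op in cond.values() for k in op):
            findings.append("MFA condition present; the procedure says not to require MFA")
    return findings


if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY, TRUSTED_ACCOUNT, EXTERNAL_ID) or "trust policy OK")
```

The policy text to audit can be exported with `aws iam get-role --role-name <role name> --query Role.AssumeRolePolicyDocument`.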