AWS - Create an IAM Role for IAM Users, Groups, Roles and Resources

Steps to create an IAM Role Zilla-IAM-Reader-Role

1. Login to the AWS Account via the AWS Management Console.

   Open

   

    

2. Navigate to the IAM dashboard.

   Open

   

    

3. Click on Roles from the left hand side menu to begin, then click Create role button to create a new IAM Role.

    

4. Under An AWS account select Another AWS account and enter the 12 digit region specific Zilla Account ID (listed below). Select the Options checkbox for ‘Require external ID’ and enter the External ID field as your tenant’s domain name. Click Next.

   • US region Account ID: 087210011007

   • EU region Account ID: 319105906071

   • Australia/New Zealand region Account ID: 868976368166

      

5. On the Add permissions page, search for the policy SecurityAudit, and select the checkbox. Click Next.

    

6. On the Name, review, and create page, set the name of the role to Zilla-IAM-Reader-Role and optionally add a description. Review the trusted entity account id is region specific Zilla’s account Id and the ExternalId condition is your domain name and the permissions section contains SecurityAudit. Click Create role.

    

    

    

7. Once the role is created you can search for it on the Roles tab and click on the role to check its details.

    

8. On the role details page, double check the policy under Trust relationships tab that Trusted entities has region specific Zilla Account ID and your domain name as ExternalId condition.