AWS - Create an IAM Role for IAM Users, Groups, Roles and Resources

Below are the steps to create Zilla-IAM-Reader-Role manually using the AWS IAM console. Another option is to use AWS CloudFormation to create this role; to do so, follow the steps in AWS CloudFormation For Creating Zilla-IAM-Reader-Role.

Steps to create the IAM Role Zilla-IAM-Reader-Role

  1. Log in to the AWS Account via the AWS Management Console.

  2. Navigate to the IAM dashboard.

  3. Click Roles in the left-hand menu, then click the Create role button to create a new IAM Role.

  4. Under An AWS account, select Another AWS account and enter the 12-digit, region-specific Zilla Account ID (listed below). Under Options, select the ‘Require external ID’ checkbox and enter your tenant’s domain name in the External ID field. Click Next.

    • US region Account ID: 087210011007

    • EU region Account ID: 319105906071

    • Australia/New Zealand region Account ID: 868976368166

  5. On the Add permissions page, search for the policy SecurityAudit and select its checkbox. Click Next.

  6. On the Name, review, and create page, set the name of the role to Zilla-IAM-Reader-Role and optionally add a description. Confirm that the trusted entity account ID is the region-specific Zilla account ID, that the ExternalId condition is your domain name, and that the permissions section contains SecurityAudit. Click Create role.

  7. Once the role is created, you can search for it on the Roles tab and click on the role to check its details.

  8. On the role details page, open the Trust relationships tab and double-check that the trusted entity is the region-specific Zilla Account ID and that the ExternalId condition is your domain name.
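
As an added example (not part of Zilla's documentation or tooling), the Python below builds the trust policy that steps 4 and 6 produce and runs the step 8 check programmatically over a role's trust policy, flagging a wrong account principal or a missing ExternalId condition. The region keys (`us`, `eu`, `anz`) and the domain `example.com` are assumptions; the account IDs are the ones listed in step 4.

```python
# Region-specific Zilla account IDs listed in step 4 above.
ZILLA_ACCOUNT_IDS = {
    "us": "087210011007",
    "eu": "319105906071",
    "anz": "868976368166",
}

def build_trust_policy(region: str, external_id: str) -> dict:
    """Trust policy that step 4 produces: trust the region's Zilla account
    and require the tenant's domain name as the external ID."""
    principal = f"arn:aws:iam::{ZILLA_ACCOUNT_IDS[region]}:root"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def check_trust_policy(policy: dict, region: str, external_id: str) -> list:
    """Step 8 as code: list every problem found in a role's trust policy.
    An empty list means the trust matches the expected Zilla role trust."""
    expected = f"arn:aws:iam::{ZILLA_ACCOUNT_IDS[region]}:root"
    problems, seen = [], False
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        seen = True
        # The console stores the trusted account as its root ARN.
        principal = stmt.get("Principal", {}).get("AWS")
        if principal != expected:
            problems.append(f"unexpected principal: {principal}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            problems.append("sts:ExternalId condition missing or wrong")
    if not seen:
        problems.append("no statement allows sts:AssumeRole")
    return problems

if __name__ == "__main__":
    # Constructed sample: a trust policy whose ExternalId condition was dropped.
    weak = build_trust_policy("us", "example.com")
    del weak["Statement"][0]["Condition"]
    print(check_trust_policy(weak, "us", "example.com"))
```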

Notes:

  1. Copy the Role ARN, for example arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/Zilla-IAM-Reader-Role, and keep it handy for later.

  2. Typically, IAM Users and Groups are created per AWS Account, so you will need to create the above role and policy in each of your AWS Accounts.

  3. Currently, the IAM Role and Policy creation to bring in IAM Users and Groups is mandatory in Zilla.