
Steps to create an IAM Role

  1. Click Roles from the left hand side menu to begin.

     

  2. Click the Create role button to create a new IAM Role. Under Select type of trusted entity, select Another AWS account and enter Zilla's 12-digit Account ID (087210011007). Under Options, select the 'Require external ID' checkbox and enter your tenant's domain name as the External ID, then click Next: Permissions.

     

  3. On the permissions page, search for the AWSSSOReadOnly policy and select its checkbox.

     

  4. Also search for the policy created earlier, Zilla-SSO-Reader-Policy, and select its checkbox. Then click Next: Tags.

     

  5. Optionally add tags and click Next: Review.

     

  6. On the review page, enter the role name Zilla-SSO-Reader-Role and optionally add a description. Ensure the Trusted entities account ID matches Zilla's account ID (087210011007) and that the Policies section contains Zilla-SSO-Reader-Policy, then click Create role.

     

  7. Once the role is created, you can search for it on the roles tab and click on the role to check its details.

     

  8. On the role details page, open the Trust relationships tab and double-check that Trusted entities lists the Zilla Account ID (087210011007) and that the ExternalId condition is set to your domain name.
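The trust policy behind step 8 is what stops any other account from assuming this role. As an added check (example code written for this page, not part of Zilla's documentation or tooling), the snippet below validates a trust-policy document against the expected principal account and external ID; the tenant domain example.com is a placeholder.

```python
import json

# Constructed example of the trust policy the console generates for
# Zilla-SSO-Reader-Role. The account ID is Zilla's (from this page); the
# external ID "example.com" is a placeholder for your tenant's domain name.
ZILLA_ACCOUNT_ID = "087210011007"
TENANT_DOMAIN = "example.com"  # placeholder

TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::087210011007:root"},
      "Action": "sts:AssumeRole",
      "Condition": {"StringEquals": {"sts:ExternalId": "example.com"}}
    }
  ]
}
""")


def _as_list(value):
    """IAM allows a scalar or a list for Principal, Action and condition values."""
    return value if isinstance(value, list) else [value]


def trust_policy_problems(policy, account_id, external_id):
    """Return a list of problems in a role trust policy (empty means OK).

    Every Allow statement that grants sts:AssumeRole must name only the expected
    account as principal (root ARN or bare account ID, which IAM treats alike)
    and must require exactly the expected sts:ExternalId.
    """
    allowed_principals = {f"arn:aws:iam::{account_id}:root", account_id}
    problems = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal")
        aws_principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for p in aws_principals:
            if p not in allowed_principals:
                problems.append(f"statement {idx}: unexpected principal {p!r}")
        ext_ids = _as_list(stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId", []))
        if ext_ids != [external_id]:
            problems.append(f"statement {idx}: sts:ExternalId is {ext_ids!r}, expected {external_id!r}")
    return problems
```

To check the live role, pass the AssumeRolePolicyDocument from `aws iam get-role --role-name Zilla-SSO-Reader-Role` to trust_policy_problems in place of the constructed document.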

     

Notes:

  1. Copy the Role ARN. For example: arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/Zilla-SSO-Reader-Role and keep it handy for later.

  2. Typically, organizations have one MASTER AWS ACCOUNT under which they set up multiple Users, Groups, Permission Sets and AWS Accounts, so you will likely need to create the SSO Role and Policy only once, against your MASTER AWS ACCOUNT.

  3. Currently, the IAM Role and Policy creation to bring in SSO Users, Groups and Permission Sets is optional in Zilla.
