
If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that the product can leverage it.

Prerequisites:

Please acquire the following information:

  • Account ID: The AWS account identifier that the product should use for access.

    NOTE: This value is provided to you by the company. After it has been specified, this value is available for workspace administrators through the Admin console. See AWS Settings Page.

  • External ID: The external identifier is set within the product. This value is available for workspace administrators through the Admin console. See AWS Settings Page.

  • IAM role: The AWS IAM role that the product should use.

For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.

Steps:

  1. Log in to the AWS console.
  2. Open the IAM role for use with the product.
  3. Insert the following AWS policy snippet to define the trust relationship for this role:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "<aws_account_id>"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringLike": {
              "sts:ExternalId": [
                "<external_id>"
              ]
            }
          }
        }
      ]
    }

    where:

    Setting             Description
    <aws_account_id>    The AWS account identifier for the product
    <external_id>       The external identifier generated by the product

  4. Save the IAM role definition.

    NOTE: The AWS account ID value must be applied to every user profile that requires access through this IAM role. See User Profile Page.
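
The following Python check is an added example, not part of the original page or the product's own tooling. It audits the trust policy from step 3 before the role is saved, flagging an unreplaced placeholder, a principal that is not a specific account, a missing sts:ExternalId condition, or a wildcard in the external ID (StringLike treats * and ? as wildcards). The function names and the sample account ID and external ID are constructed for illustration.

```python
import re

# A 12-digit account ID or an IAM ARN inside one account; "*" never matches.
PRINCIPAL_RE = re.compile(r"^(\d{12}|arn:aws:iam::\d{12}:(root|user/.+|role/.+))$")


def as_list(value):
    """IAM JSON allows a single value wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def build_policy(account_id, external_id, operator="StringLike"):
    """Fill in the trust policy template shown in step 3 (hypothetical helper)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": account_id},
        "Action": "sts:AssumeRole",
        "Condition": {operator: {"sts:ExternalId": [external_id]}},
    }]}


def audit_trust_policy(policy):
    """Return findings for each Allow statement letting an AWS principal assume the role."""
    findings = []
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        aws = [principal] if isinstance(principal, str) else as_list(principal.get("AWS", []))
        if stmt.get("Effect") != "Allow" or not aws \
                or "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue  # out of scope: not an account-to-role trust statement
        for p in aws:
            if not PRINCIPAL_RE.match(str(p)):
                findings.append(f"statement {n}: principal {p!r} is not a specific account or ARN")
        ext_ids = [(op, str(v)) for op, keys in stmt.get("Condition", {}).items()
                   if op in ("StringEquals", "StringLike")
                   for key, vals in keys.items() if key.lower() == "sts:externalid"
                   for v in as_list(vals)]
        if not ext_ids:
            findings.append(f"statement {n}: no sts:ExternalId condition")
        for op, v in ext_ids:
            if v.startswith("<") and v.endswith(">"):
                findings.append(f"statement {n}: external ID placeholder {v!r} not replaced")
            elif op == "StringLike" and re.search(r"[*?]", v):
                findings.append(f"statement {n}: StringLike external ID {v!r} contains a wildcard")
    return findings


if __name__ == "__main__":
    # Constructed sample values, then the unfilled template from the page.
    print(audit_trust_policy(build_policy("123456789012", "constructed-external-id-01")))
    print(audit_trust_policy(build_policy("<aws_account_id>", "<external_id>")))
```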