Creating an AWS IAM user

To complete tasks in the IBM Spectrum® Protect Plus user interface, IAM users must have access keys and required permissions.

About this task

You can use the AWS Management Console to create an IAM user by using the following steps. These steps are condensed from the steps that are documented in the AWS Identity and Access Management User Guide to show settings that are required for IBM Spectrum Protect Plus. For the complete and detailed steps for creating an IAM user, refer to this guide.

To create a user, you must have IAM administrative permissions.

Procedure

  1. Sign in to the AWS Management Console and click Services > IAM to open the IAM Management Console.
  2. In the console navigation panel, click Users > Add user.
  3. Type the user name for the new user.
  4. Select Programmatic access for the AWS access type.
    This access type is required to create an access key, which is required by IBM Spectrum Protect Plus. IBM Spectrum Protect Plus does not require the access type AWS Management Console access.
  5. Click Next: Permissions.
  6. Click Attach existing policies directly, and then click Create policy.
    The Create policy page opens in a new browser window.
  7. Click the JSON tab and enter the following actions:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "ec2:DetachVolume",
                    "ec2:AttachVolume",
                    "ec2:DeregisterImage",
                    "ec2:DeleteSnapshot",
                    "ec2:DescribeInstances",
                    "ec2:CreateVolume",
                    "ec2:DescribeTags",
                    "ec2:CreateTags",
                    "ec2:RegisterImage",
                    "ec2:DescribeRegions",
                    "ec2:RunInstances",
                    "ec2:DescribeSnapshots",
                    "ec2:DescribeAvailabilityZones",
                    "ec2:CreateSnapshots",
                    "ec2:DescribeVolumes",
                    "ec2:CreateSnapshot",
                    "ec2:DescribeSubnets", 
                    "iam:PassRole"
                ],
                "Resource": "*"
            }
        ]
    }
  8. Click Review Policy.
  9. Type a name and description (optional) for the policy that you are creating.
  10. Review the Summary section to see the permissions that are granted by the policy.
  11. Click Create policy.
  12. Close the browser window and return to the window that contains the Add user page.
  13. Select the policy that you created from the list of policies.
  14. Optional: Set a permissions boundary.
  15. Click Next: Tags.
  16. Optional: Add metadata to the user by attaching tags as key-value pairs.
    You can use tags to filter resources when you back up or restore EC2 data.
  17. Click Next: Review.
  18. Review your choices, and then click Create user.
    A new window opens showing the user name, access key, and secret key.
  19. To view the secret key, click Show next to the secret key.
  20. Click Download .csv to save the access key ID and secret access key to a CSV file on your computer.
    Store the file in a secure location. You cannot access the secret access key again after this dialog box closes.
  21. Click Close to close the window.
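
The policy in step 7 allows every listed action on `"Resource": "*"`, including `iam:PassRole` and `ec2:RunInstances`. The following check is an added example, not part of the IBM or AWS documentation: it lists the actions in a policy document that are allowed on all resources so they can be reviewed before the policy is attached in step 13. The names `REVIEW_ON_WILDCARD` and `wildcard_findings` and the choice of which actions to flag are assumptions made for this example.

```python
"""Review an IAM policy document for broad grants before attaching it."""

# Actions from step 7 of the procedure, embedded so the check runs offline.
STEP7_ACTIONS = [
    "ec2:DetachVolume", "ec2:AttachVolume", "ec2:DeregisterImage",
    "ec2:DeleteSnapshot", "ec2:DescribeInstances", "ec2:CreateVolume",
    "ec2:DescribeTags", "ec2:CreateTags", "ec2:RegisterImage",
    "ec2:DescribeRegions", "ec2:RunInstances", "ec2:DescribeSnapshots",
    "ec2:DescribeAvailabilityZones", "ec2:CreateSnapshots",
    "ec2:DescribeVolumes", "ec2:CreateSnapshot", "ec2:DescribeSubnets",
    "iam:PassRole",
]
STEP7_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                   "Action": STEP7_ACTIONS, "Resource": "*"}],
}

# Reviewer's choice (an assumption, not an AWS or IBM list): actions worth a
# second look when allowed on every resource. Stored lowercase for matching.
REVIEW_ON_WILDCARD = {"iam:passrole", "ec2:runinstances", "ec2:deletesnapshot",
                      "ec2:deregisterimage", "ec2:detachvolume"}


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def wildcard_findings(policy):
    """Return sorted (sid, action) pairs for Allow statements on Resource "*"."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.lower() in REVIEW_ON_WILDCARD or action.endswith("*"):
                findings.append((stmt.get("Sid", "<no Sid>"), action))
    return sorted(findings)


if __name__ == "__main__":
    for sid, action in wildcard_findings(STEP7_POLICY):
        print(f'{sid}: {action} is allowed on Resource "*"')
```

Each finding is an item to review against what the deployment needs, and the optional permissions boundary in step 14 is one place to constrain it.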

What to do next

Add an account for EC2. To create an account, follow the instructions in Adding an Amazon EC2 account.