Creating a policy

You can create a policy for the deployed Cloud Edition AWS in Data Management.

Procedure

  1. Log in to the Amazon AWS console by using your AWS account credentials. The AWS credentials that you specify must have admin privileges.
  2. From the menu bar, select Services.
  3. Under Security, Identity & Compliance, select IAM.
  4. Click Policies.
  5. Click Create policy.
  6. From the Create policy page, select the JSON tab.
  7. Delete the default JSON code.
  8. Copy the following JSON code:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action":[
                    "iam:ListAttachedUserPolicies",
                    "iam:GetPolicyVersion",
                    "iam:GetPolicy",
                    "iam:ListGroupsForUser",
                    "iam:ListUsers",
                    "iam:GetUser",
                    "iam:RemoveRoleFromInstanceProfile",
                    "iam:CreateRole",
                    "iam:AttachRolePolicy",
                    "iam:AddRoleToInstanceProfile",
                    "iam:DetachRolePolicy",
                    "iam:ListPolicies",
                    "iam:GetRole",
                    "iam:DeleteRole",
                    "iam:CreateInstanceProfile",
                    "iam:PassRole",
                    "iam:DeleteInstanceProfile",
                    "iam:GetInstanceProfile",
                    "iam:TagRole",
                    "cloudformation:UpdateStack",
                    "cloudformation:ListStackResources",
                    "cloudformation:CreateStack",
                    "cloudformation:GetTemplate",
                    "cloudformation:DeleteStack",
                    "cloudformation:DescribeStacks",
                    "cloudformation:ValidateTemplate",
                    "cloudformation:DescribeStackEvents",
                    "ec2:DescribeInstances",
                    "ec2:DeleteTags",
                    "ec2:DescribeRegions",
                    "ec2:DeleteVolume",
                    "ec2:DescribeNetworkInterfaces",
                    "ec2:StartInstances",
                    "ec2:DescribeVolumes",
                    "ec2:AttachVolume",
                    "ec2:DescribeInstanceStatus",
                    "ec2:DetachVolume",
                    "ec2:DetachNetworkInterface",
                    "ec2:TerminateInstances",
                    "ec2:ModifyVolumeAttribute",
                    "ec2:CreateTags",
                    "ec2:ModifyNetworkInterfaceAttribute",
                    "ec2:DeleteNetworkInterface",
                    "ec2:RunInstances",
                    "ec2:StopInstances",
                    "ec2:CreateVolume",
                    "ec2:CreateNetworkInterface",
                    "ec2:AttachNetworkInterface",
                    "ec2:DescribeSubnets",
                    "ec2:AuthorizeSecurityGroupIngress",
                    "ec2:RevokeSecurityGroupEgress",
                    "ec2:RevokeSecurityGroupIngress",
                    "ec2:DescribeAvailabilityZones",
                    "ec2:CreateSecurityGroup",
                    "ec2:AuthorizeSecurityGroupEgress",
                    "ec2:DescribeSecurityGroups",
                    "ec2:DescribeVpcs",
                    "ec2:DeleteSecurityGroup",
                    "ssm:SendCommand",
                    "ssm:GetCommandInvocation",
                    "s3:CreateBucket",
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject",
                    "s3:DeleteBucket",
                    "s3:PutBucketPublicAccessBlock"
                ],
                "Resource": "*",
                "Effect": "Allow",
                "Sid": "VisualEditor0"
    
            }
        ]
    }
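  9. Paste the JSON code from the previous step. Note that this policy allows every listed action on all resources ("Resource": "*"), including iam:CreateRole, iam:AttachRolePolicy, and iam:PassRole, so attach it only to the identity that is used for the Cloud Edition deployment.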
  10. Click Review policy.
  11. In the Name field, enter a name for this policy, such as storagedefenderCEPolicy, and click Create policy.
  12. Enter a name, such as storagedefenderCEPolicy, and an optional description for the policy and click Create policy.