Setting Up an IAM Role to TotalCloud

Updated 1 week ago by Totalcloud

To set up an IAM role to TotalCloud, follow the below steps:

  1. Sign in to your Amazon IAM management console.
  2. Click on "Create Role" button, and go to "Select Role Type." Select "Another AWS Account" as shown in the image below.

  1. Go to TotalCloud AWS Account Setup web page. Copy the Account Number as shown in the page below.

  1. Go back to your Amazon Web Services’ IAM management page and paste the Account Number in the Account ID.

  1. Select "Require External ID."

  1. Go to TotalCloud AWS Account Setup web page. Copy the External ID as shown in the page below.

  1. Go back to your Amazon Web Services’ IAM management page and paste the External ID.

  1. Keep "Require MFA" unchecked and click on "Next."

  1. Do not select any "Managed Policies" from the list as each workflow will be assigned with a custom policy with right permissions. Selecting "PowerUserAccess" policy or other unwanted policies provides over permissions to TotalCloud, which is not a good practice.

  1. Click "Next:Review."

  1. Enter "TotalCloud" as the IAM role name, and click "Create Role" button

  1. Select the newly created "TotalCloud" role from the role list.

  1. Copy the "Role ARN" value provided in the Summary section.

  1. Go back to TotalCloud and paste it in the ARN input field.

  1. Click on the Validate button in the TotalCloud.

  1. Enter your choice of Profile Name and create a profile for this AWS account.

We suggest you to add the following policy to the role or user to make the TotalCloud experience a breeze.
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "iam:listAttachedRolePolicies",
               "iam:listAttachedUserPolicies",
               "iam:listAttachedGroupPolicies",
               "iam:listRolePolicies",
               "iam:listUserPolicies",
               "iam:listGroupPolicies",
               "iam:getRolePolicy",
               "iam:getUserPolicy",
               "iam:getGroupPolicy",
               "iam:listGroupsForUser",
               "iam:getUser",
               "iam:getPolicy",
               "iam:getPolicyVersion"
           ],
           "Resource": "*"
       }
   ]
}


How did we do?