Setting Up an IAM Role for TotalCloud

Updated 1 week ago by Totalcloud

To set up an IAM role for TotalCloud, follow the steps below:

  1. Sign in to your Amazon Identity and Access Management (IAM) console.
  2. In the IAM pane, click Create Role.
  3. Under the Select type of trusted entity section, select Another AWS Account.
  4. Go to the TotalCloud AWS Account Setup web page. Copy the Account Number shown on that page.
  5. Go back to your Amazon Web Services IAM management page and, under the Specify accounts that can use this role section, paste the Account Number in Account ID.
  6. Select Require External ID from Options.
  7. Go to the TotalCloud AWS Account Setup web page. Copy the External ID shown on that page.
  8. Go back to your Amazon Web Services IAM management page and paste the External ID.
  9. Do not select the Require MFA option, and click Next: Permissions.
  10. Do not select any Managed Policies from the list, because each workflow will be assigned a custom policy with the right permissions. Selecting the PowerUserAccess policy or any other unwanted policy grants TotalCloud excessive permissions, which is not good practice.
  11. Click Next: Tags.
  12. On the Tags page, make no changes and click Next: Review.
  13. Enter TotalCloud in Role name, and click Create Role.
  14. Select the TotalCloud role from the role list.
  15. In the Summary section, copy the Role ARN value and paste it in ARN on the TotalCloud web setup page.
  16. On the TotalCloud AWS account setup page, click Validate.
  17. Enter a Profile Name; a profile for the AWS account is created.
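
The role created by the steps above trusts one external account and requires an external ID. The following Python check is an added example, not TotalCloud's code: it audits a role trust policy for exactly that shape. The account number, external ID and function names are constructed placeholders.

```python
# Constructed placeholder values: substitute the Account Number and External ID
# shown on the TotalCloud AWS Account Setup page.
VENDOR_ACCOUNT = "111122223333"
EXTERNAL_ID = "example-external-id"

def audit_trust_policy(policy, vendor_account, external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings = []
    expected = {vendor_account, f"arn:aws:iam::{vendor_account}:root"}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"statement {i}: principal is not limited to an AWS account")
            continue
        aws = principal["AWS"]
        for p in [aws] if isinstance(aws, str) else aws:
            if p not in expected:
                findings.append(f"statement {i}: unexpected principal {p}")
        # The console writes the external ID check as StringEquals / sts:ExternalId.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append(f"statement {i}: sts:ExternalId missing or different")
    return findings

def trust_policy(account, external_id=None):
    """Build a trust policy of the shape the console generates (constructed sample)."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{account}:root"}}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

if __name__ == "__main__":
    for label, doc in [
        ("as configured above", trust_policy(VENDOR_ACCOUNT, EXTERNAL_ID)),
        ("external ID skipped", trust_policy(VENDOR_ACCOUNT)),
        ("wrong account pasted", trust_policy("444455556666", EXTERNAL_ID)),
    ]:
        print(label, "->", audit_trust_policy(doc, VENDOR_ACCOUNT, EXTERNAL_ID) or "OK")
```

To audit the real role, pass in the document returned by `aws iam get-role --role-name TotalCloud --query Role.AssumeRolePolicyDocument` after parsing it as JSON.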

We suggest adding the following policy to the role or user to make the TotalCloud experience a breeze.
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "iam:listAttachedRolePolicies",
               "iam:listAttachedUserPolicies",
               "iam:listAttachedGroupPolicies",
               "iam:listRolePolicies",
               "iam:listUserPolicies",
               "iam:listGroupPolicies",
               "iam:getRolePolicy",
               "iam:getUserPolicy",
               "iam:getGroupPolicy",
               "iam:listGroupsForUser",
               "iam:getUser",
               "iam:getPolicy",
               "iam:getPolicyVersion"
           ],
           "Resource": "*"
       }
   ]
}

