CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

IAM Role

Identity and Access Management (IAM) Role and Security Token Service (STS) are supported by the CloudCenter platform.

Feature Dependency

These two features are dependent on the CCO being launched (and establishing a trust relationship in AWS) using an IAM role. See http://docs.aws.amazon.com for additional details.

To use IAM roles, you must launch the CCO VM using the admin role so you can use the IAM role at any point in the future. Launching a CCO VM with the admin role allows you to use either the IAM role or the classic key/secret key access at any time.

For IAM role-based accounts, the CloudCenter platform requires the EC2fullAccess role (minimum requirement). If you use the CloudCenter RDS out-of-box service, your account also requires RDSfullAccess.

Instead of specifying an access key and secret key, you can manage instance types by using an IAM role. This feature is disabled by default; you must explicitly enable the IAM role by toggling the button to ON when you configure an AWS Cloud.

You can launch RDS instances using IAM role-based accounts if you meet the following requirements:

  • If a Docker container is not part of the CCO, then you must assign the Docker container VM to the same IAM role as the CCO server.

  • Be sure to attach the following sts:GetFederationToken custom policy to IAM roles (with RDSfullAccess):

    {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:GetFederationToken",
            "Resource": "*"
        }]
    }
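
One way to confirm that the policy documents attached to a role grant the action above, as an added example (not CloudCenter or Cisco code). It evaluates only Effect and Action; the function names and the sample documents other than the page's policy are constructed for illustration.

```python
import fnmatch
import json

REQUIRED_ACTION = "sts:GetFederationToken"  # action named in the page's policy

def _as_list(value):
    """IAM accepts either one item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    """Case-insensitive IAM action match where '*' and '?' are wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def allows_action(policy_docs, action=REQUIRED_ACTION):
    """True if some statement allows `action` and no statement denies it.

    Only Effect and Action are evaluated. Resource, Condition, NotAction,
    permission boundaries and SCPs are out of scope for this check.
    """
    allowed = False
    for doc in policy_docs:
        policy = json.loads(doc) if isinstance(doc, str) else doc
        for stmt in _as_list(policy.get("Statement")):
            if not _matches(_as_list(stmt.get("Action")), action):
                continue
            if stmt.get("Effect") == "Deny":
                return False  # any matching Deny is treated as blocking
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed

# Same content as the custom policy on this page.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:GetFederationToken", "Resource": "*"}]}"""
# Constructed samples: an RDS-only grant and an explicit deny on sts:Get*.
RDS_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["rds:*"], "Resource": "*"}}
DENY_STS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": "sts:Get*", "Resource": "*"}]}

if __name__ == "__main__":
    cases = {"rds only": [RDS_ONLY], "rds + page policy": [RDS_ONLY, PAGE_POLICY],
             "page policy + deny": [PAGE_POLICY, DENY_STS]}
    for name, docs in cases.items():
        print(f"{name}: {REQUIRED_ACTION} allowed = {allows_action(docs)}")
```
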
© 2017-2019 Cisco Systems, Inc. All rights reserved