This article describes how to create an IAM role and enable access for the Paigo account.
- An AWS account
- Access to manage and create IAM roles
- AWS CLI
Below are two JSON files that you will need in order to enable Paigo to pull infrastructure data for your account.
Store the file below somewhere, and name it trust-relationships.json. It is the role's trust policy and allows the Paigo AWS account to assume the role:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::647662420899:root"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
Store this file in the same directory as the one above, and name it permissions.json. It grants the role read-only (Describe, Get, List) access to CloudWatch and EC2:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": ["cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "ec2:Describe*", "ec2:Get*"],
          "Resource": "*"
        }
      ]
    }
- Navigate to where you stored the saved files
- Verify that you have access to create and manage IAM roles for your AWS account
  - Check ~/.aws/credentials for specific information on your currently assumed role
- Run the following command to grant Paigo read access for the above permissions:
    aws iam create-role --role-name paigo-margin-calc-role \
        --assume-role-policy-document file://trust-relationships.json && \
    aws iam put-role-policy --role-name paigo-margin-calc-role \
        --policy-name read-cw-read-ec2 --policy-document file://permissions.json
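The check below is an added example, not Paigo's or this article's own code. It audits the two documents before you run the command, confirming that the trust policy names only the Paigo account ARN given above and that every allowed action is a read-style call on CloudWatch or EC2. The read-only prefixes and the external-ID check (AWS's general guidance for roles assumed by a third party) are assumptions; the article does not say whether Paigo issues an external ID.

```python
import json

# The two policy documents from this article, embedded so the check runs offline.
TRUST = json.loads('''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::647662420899:root"}, "Action": "sts:AssumeRole"}]}''')
PERMS = json.loads('''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*",
             "ec2:Describe*", "ec2:Get*"], "Resource": "*"}]}''')

EXPECTED_PRINCIPAL = "arn:aws:iam::647662420899:root"  # Paigo account, as given above
ALLOWED_SERVICES = {"cloudwatch", "ec2"}               # services named in permissions.json
READ_VERBS = ("describe", "get", "list")               # assumption: prefixes treated as read-only

def as_list(value):
    """IAM accepts a string or a list for Action and Principal values."""
    return [value] if isinstance(value, str) else list(value)

def audit_trust(doc, expected=EXPECTED_PRINCIPAL):
    """Flag principals other than the expected account and a missing external ID."""
    findings = []
    for st in doc["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if principal == "*":                 # shorthand for "anyone"
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "AWS" or value != expected:
                    findings.append(f"trust: unexpected principal {kind}={value}")
        if "sts:externalid" not in json.dumps(st.get("Condition", {})).lower():
            findings.append("trust: no sts:ExternalId condition")
    return findings

def audit_permissions(doc):
    """Flag any allowed action that is not a read-style call on cloudwatch or ec2."""
    findings = []
    for st in doc["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:
            findings.append("permissions: NotAction allows everything not listed")
        for action in as_list(st.get("Action", [])):
            service, _, verb = action.lower().partition(":")  # IAM actions are case-insensitive
            if service not in ALLOWED_SERVICES or not verb.startswith(READ_VERBS):
                findings.append(f"permissions: outside read-only scope: {action}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_trust(TRUST) + audit_permissions(PERMS)) or "no findings")
```

Because the principal is the account root ARN, the trust policy delegates to the whole Paigo account rather than to one named role, which is why the only remaining restriction to look for is a condition on the statement.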