Setting Permissions for AWS

Use these steps to integrate ALM with Amazon Web Services Identity and Access Management.

  1. Launch a Windows EC2 instance in AWS.

  2. Create a new IAM role with the permissions shown on the Permissions tab below, or use the JSON shown below. Note that Resource can be set to all (*).

  3. Assign the new role to the EC2 instance.

  4. Install the ALM Engine on the EC2 instance.

  5. Assign the ALM Engine to a domain and pool in ALM.

    AWS Permissions Tab

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:ListPolicies",
                "iam:DeleteAccessKey",
                "iam:AttachUserPolicy",
                "iam:DeleteUser",
                "iam:CreateUser",
                "iam:TagUser",
                "iam:CreateAccessKey",
                "iam:CreateLoginProfile",
                "iam:RemoveUserFromGroup",
                "iam:AddUserToGroup",
                "iam:ListGroupsForUser",
                "iam:ListAttachedUserPolicies",
                "iam:ListUsers",
                "iam:ListAttachedGroupPolicies",
                "iam:ListGroups",
                "iam:GetUser",
                "iam:DetachUserPolicy",
                "iam:GetLoginProfile",
                "iam:DeleteLoginProfile",
                "iam:ListAccessKeys"
            ],
            "Resource": "*"
        }
    ]
}
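
The following check is an added example, not part of the ALM documentation. It parses the policy above and, for each Allow statement whose Resource is "*", separates read-only actions from those that issue credentials or change a user's permissions. The GRANTING grouping and the function names are this example's own assumptions, not an AWS classification.

```python
import json

# The policy from this page, with the Action list wrapped to save space.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
 "Action": ["iam:ListPolicies", "iam:DeleteAccessKey", "iam:AttachUserPolicy",
  "iam:DeleteUser", "iam:CreateUser", "iam:TagUser", "iam:CreateAccessKey",
  "iam:CreateLoginProfile", "iam:RemoveUserFromGroup", "iam:AddUserToGroup",
  "iam:ListGroupsForUser", "iam:ListAttachedUserPolicies", "iam:ListUsers",
  "iam:ListAttachedGroupPolicies", "iam:ListGroups", "iam:GetUser",
  "iam:DetachUserPolicy", "iam:GetLoginProfile", "iam:DeleteLoginProfile",
  "iam:ListAccessKeys"],
 "Resource": "*"}]}
""")

# Reviewer's grouping (an assumption of this example): actions that hand out
# credentials or change what an IAM user is permitted to do.
GRANTING = {"iam:AttachUserPolicy", "iam:AddUserToGroup",
            "iam:CreateAccessKey", "iam:CreateLoginProfile"}

def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def review(policy):
    """One finding per Allow statement on Resource "*" (NotAction/NotResource not evaluated)."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        resources = as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or "*" not in resources:
            continue
        actions = set(as_list(stmt.get("Action", [])))
        read_only = {a for a in actions
                     if a.partition(":")[2].startswith(("List", "Get"))}
        findings.append({
            "sid": stmt.get("Sid"),
            "read_only": sorted(read_only),
            "granting": sorted(actions & GRANTING),
            "other_write": sorted(actions - read_only - GRANTING),
            "has_condition": "Condition" in stmt,
        })
    return findings

if __name__ == "__main__":
    for finding in review(POLICY):
        print(json.dumps(finding, indent=2))
```

Statements it reports are the ones to revisit if the deployment permits a narrower Resource or a Condition.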