Identity Verification via AWS Console

This document guides you through identity verification using the AWS Console.

  1. Select Cross-account Access Using Roles

After selecting cross-account access using roles, the system will automatically generate part of the role policy code and the creation command for the command line.

  • "arn:aws:iam::891164855293:role/montCacheClientRole" is the role entity for the Montplex Cache and the trusted entity that you need to grant access to your AWS resources.
  • "sts:ExternalId": "v-839419023641324526844783855985" is the UUID unique to each user in the Montplex Cache. It serves as a verification code for Montplex Cache to access your AWS resources, which enhances system security.

  2. Log in to Your AWS Console and Navigate to IAM Service Management

You can search for the "IAM" service and click on the search result to enter. Alternatively, you can go to the IAM service management page by clicking on "Security Credentials" under your user avatar.

  3. Create a Role

In the IAM service page, navigate to Access Management, select Roles, and select Create role.

Select the trusted entity type "Custom trust policy". Copy the first part of the trust policy code generated by the Montplex Cache and paste it into the trust policy field.

Click Next to skip the "Add Permissions" step and set the role name to "createMontCacheRole".

Finalize role creation and add an inline policy. Copy the following inline policy code into the policy editor:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudformation:*",
        "eks:*",
        "ec2:*",
        "autoscaling:*",
        "elasticloadbalancing:*",
        "iam:*Role*",
        "iam:*InstanceProfile",
        "iam:*InstanceProfiles",
        "iam:*OpenID*",
        "iam:*Polic*",
        "s3:ListBucket",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObject",
        "rds:CreateDBSubnetGroup",
        "rds:DescribeDBSubnetGroups",
        "rds:CreateDBInstance",
        "rds:DescribeDBInstances",
        "rds:DeleteDBInstance",
        "rds:DeleteDBSubnetGroup",
        "rds:DescribeDBEngineVersions",
        "rds:DescribeDBSnapshots",
        "rds:DeleteDBSnapshot",
        "ssm:GetParameter"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "autoscaling.amazonaws.com",
            "ec2scheduled.amazonaws.com",
            "elasticloadbalancing.amazonaws.com",
            "spot.amazonaws.com",
            "eks.amazonaws.com",
            "eks-nodegroup.amazonaws.com"
          ]
        }
      }
    }
  ]
}

Click Next and set the inline policy name, such as "createMontCache-policy".

Your role and permission policy are now created. Review the role's ARN.

Finally, save the role's ARN in the Montplex Cache.
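
The trust policy pasted into the role should let only the Montplex Cache role assume it, and only when the ExternalId is presented. The following is an added example, not code from Montplex or from this page, that checks a trust policy document for both properties. The statement layout is the standard IAM trust policy form and is an assumption, since the page does not show the generated policy in full; `check_trust_policy` and `make_policy` are hypothetical helper names.

```python
# Constructed check for an IAM role trust policy (added example).
PRINCIPAL = "arn:aws:iam::891164855293:role/montCacheClientRole"  # from this page
EXTERNAL_ID = "v-839419023641324526844783855985"                  # from this page

def as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, principal=PRINCIPAL, external_id=EXTERNAL_ID):
    """Return a list of findings; an empty list means the policy passed."""
    findings = []
    allows = [s for s in as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for i, stmt in enumerate(allows):
        princ = stmt.get("Principal")
        # Only {"AWS": <expected role ARN>} is accepted; "*" or extra principals fail.
        if not (isinstance(princ, dict) and set(princ) == {"AWS"}
                and as_list(princ["AWS"]) == [principal]):
            findings.append(f"statement {i}: unexpected principal {princ!r}")
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: action is not exactly sts:AssumeRole")
        # Condition key names are case-insensitive in IAM, so normalise them.
        equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        keys = {k.lower(): v for k, v in equals.items()}
        if as_list(keys.get("sts:externalid")) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId missing or not the expected value")
    return findings

def make_policy(principal, condition):
    """Build a constructed sample trust policy (assumed standard layout)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition is not None:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed samples: one correct policy and two common mistakes.
GOOD = make_policy({"AWS": PRINCIPAL}, {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = make_policy({"AWS": PRINCIPAL}, None)
ANY_PRINCIPAL = make_policy("*", {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no ExternalId", NO_EXTERNAL_ID),
                      ("wildcard principal", ANY_PRINCIPAL)]:
        print(name, "->", check_trust_policy(doc) or "OK")
```

To check the role you created, load its trust policy JSON (as shown on the role's Trust relationships tab) with `json.load` and pass the resulting dict to `check_trust_policy`.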