AWS Snowball User Guide
Authentication
"iam:ListRolePolicies",
"iam:PutRolePolicy",
"iam:PassRole"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:SetTopicAttributes"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"snowball:*",
"importexport:*"
],
"Resource": "*"
}
]
}
12. Choose Apply Policy to finalize your new inline policy and return to the IAM Users page in the
console.
The preceding procedure creates a user that can create and manage jobs in the Snowball console.
Creating an IAM Role for Snowball
An IAM role must be created with read and write permissions for your Amazon S3 buckets. The role must
also have a trust relationship with Snowball, so AWS can write the data in the Snowball and in your
Amazon S3 buckets, depending on whether you're importing or exporting data. Creating this role is done
as a step in the job creation wizard for each job.
When creating a job in the AWS Snowball Management Console, creating the necessary IAM role occurs
in step 4 in the Permission section. This process is automatic, and the IAM role that you allow Snowball
to assume is only used to write your data to your bucket when the Snowball with your transferred data
arrives at AWS. However, if you want to create an IAM role specifically for this purpose, the following
procedure outlines that process.
To create the IAM role for your import job
1. On the AWS Snowball Management Console, choose Create job.
2. In the first step, fill out the details for your import job into Amazon S3, and then choose Next.
3. In the second step, under Permission, choose Create/Select IAM Role.
4. The IAM Management Console opens, showing the IAM role that AWS uses to copy objects into your
specified Amazon S3 buckets.
Once you've reviewed the details on this page, choose Allow.
81
To Next Page
Loading...