Create IAM Group
- Create a group within Identity and Access Management (IAM) named DLT-support, then click Next Step
- On the Attach Policy screen, just select Next Step; we will return to this later in the instructions
- On the Review Screen, click Create Group
Create IAM User Account
- Create an IAM User Account named DLT-support
**Note** De-select Generate an access key for each user
- Click Create; the IAM User Account is then listed in the User Account section
Add IAM User to DLT-support Group
- Click on DLT-support IAM User Account and select Add User To Groups
- Select DLT-support Group and click Add To Group in the bottom right corner
- The DLT-support user account is now shown as a member of the DLT-support Group
Create Password for IAM User Account
- Select DLT-support User Account
- In the bottom right corner, under Security Credentials, locate and click Manage Password
- Once in Manage Password, click the radio button Assign Custom Password
- Type in password and confirm: Solutions123
- Select the radio button Require User to Create a New Password at Next Sign-in
- Click Apply
Creating and Adding IAM Policy for DLT Support Group
Our DLT Support Custom Policy is a read-only policy that strictly allows TD Synnex Service Center Support to access the Support panel of your AWS Dashboard. This policy prevents TD Synnex Service Center Support from being able to view any AWS service within your Dashboard.
- Within the IAM Dashboard, select Policies. A Policy Wizard will walk you through creating a custom policy and assigning it to a group or individual user.
- Click Get Started
- Click Create Policy
- Click Create Your Own Policy
- Under Review Policy enter Policy name: DLT-AWS-Support-Services-Access
- Copy and Paste into text editor, modify and perform find and replace all for the following values
**NOTE** Ensure there are no dashes or extra spaces
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDLTSupportToAccessAWSSupportServices",
      "Effect": "Allow",
      "Action": "support:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowUsersAllActionsForCredentials",
      "Effect": "Allow",
      "Action": [
        "iam:*LoginProfile",
        "iam:*AccessKey*",
        "iam:*SigningCertificate*",
        "iam:ChangePassword",
        "iam:ListGroupsForUser",
        "iam:GetUserPolicy",
        "iam:ListUserPolicies"
      ],
      "Resource": ["arn:aws-us-gov:iam:::user/${aws:username}"]
    },
    {
      "Sid": "AllowDLTSupportUserToViewDLTGroupPolicy",
      "Effect": "Allow",
      "Action": ["iam:GetGroupPolicy", "iam:ListGroupPolicies"],
      "Resource": ["arn:aws-us-gov:iam:::group/username"]
    },
    {
      "Sid": "AllowUsersToSeeStatsOnIAMConsoleDashboard",
      "Effect": "Allow",
      "Action": ["iam:GetAccount*", "iam:ListAccount*", "iam:GetAccountPasswordPolicy"],
      "Resource": ["*"]
    },
    {
      "Sid": "AllowUsersToListUsersInConsole",
      "Effect": "Allow",
      "Action": ["iam:ListUsers"],
      "Resource": ["arn:aws-us-gov:iam:::user/*"]
    },
    {
      "Sid": "AllowUsersToCreateDeleteTheirOwnVirtualMFADevices",
      "Effect": "Allow",
      "Action": ["iam:*VirtualMFADevice"],
      "Resource": ["arn:aws-us-gov:iam:::mfa/${aws:username}"]
    },
    {
      "Sid": "AllowUsersToEnableSyncDisableTheirOwnMFADevices",
      "Effect": "Allow",
      "Action": [
        "iam:DeactivateMFADevice",
        "iam:EnableMFADevice",
        "iam:ListMFADevices",
        "iam:ResyncMFADevice"
      ],
      "Resource": ["arn:aws-us-gov:iam:::user/${aws:username}"]
    },
    {
      "Sid": "AllowUsersToListVirtualMFADevices",
      "Effect": "Allow",
      "Action": ["iam:ListVirtualMFADevices"],
      "Resource": ["arn:aws-us-gov:iam:::mfa/*"]
    }
  ]
}
```
- Once complete, select all and copy.
- Insert script into Policy Document.
- Click Validate Policy to confirm the policy is configured correctly.
- Click "Create Policy"
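
The find-and-replace step and its note about dashes and extra spaces can be checked before the policy is pasted into the Policy Document field. The following is an added example, not part of the original article: it parses an edited policy, flags every resource ARN whose account ID field is not exactly 12 digits, and lists the service prefixes the policy grants so they can be compared with the stated intent. The function names and the sample account values are constructed for illustration.

```python
import json
import re

ACCOUNT_ID = re.compile(r"\d{12}")  # AWS account IDs: 12 digits, no dashes or spaces

def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def check_policy(text):
    """Return (problems, services) for an edited IAM policy document."""
    policy = json.loads(text)  # raises ValueError if editing broke the JSON
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    problems, services = [], set()
    for stmt in statements:
        sid = stmt.get("Sid", "<no Sid>")
        for action in as_list(stmt.get("Action", [])):
            services.add(action.split(":", 1)[0])
        for arn in as_list(stmt.get("Resource", [])):
            if arn == "*":
                continue
            # arn:partition:service:region:account-id:resource
            parts = arn.split(":", 5)
            if len(parts) != 6 or parts[0] != "arn":
                problems.append(f"{sid}: malformed ARN {arn!r}")
            elif not ACCOUNT_ID.fullmatch(parts[4]):
                problems.append(f"{sid}: bad account ID field {parts[4]!r} in {arn!r}")
    return problems, services

def sample_policy(account_field):
    """Constructed two-statement excerpt of the policy above (sample input)."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowDLTSupportToAccessAWSSupportServices", "Effect": "Allow",
             "Action": "support:*", "Resource": "*"},
            {"Sid": "AllowUsersToListUsersInConsole", "Effect": "Allow",
             "Action": ["iam:ListUsers"],
             "Resource": ["arn:aws-us-gov:iam::%s:user/*" % account_field]},
        ],
    })

if __name__ == "__main__":
    # Constructed values: unedited (empty), dashed, and a valid-looking 12-digit ID.
    for field in ("", "1234-5678-9012", "123456789012"):
        problems, services = check_policy(sample_policy(field))
        print(repr(field), sorted(services), problems or "OK")
```

Run it against the full edited policy by passing the file contents to `check_policy`; an empty problem list means every ARN carries a well-formed account ID.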
Assign DLT Support Custom Policy to DLT-support Group
- Within the IAM Dashboard, select Groups
- Locate the DLT-support Group and select "Attach Policy"
- In the Search field, enter DLT-AWS-Support-Services-Access to locate the DLT Support Custom Policy
- Select the policy and click Attach Policy
Account Summary will show you that the DLT Support Custom Policy is now attached to the DLT-support Group
- Update Case to notify TD Synnex Operations Center this task is complete and validate account access.