ProsperOps access can be configured via the AWS Console by following these steps:
- Log in to the AWS Console using credentials with sufficient permissions to create IAM roles in the target AWS account and navigate to the IAM section.
- Select Roles then select Create role.
- Select Another AWS account as the trusted entity and enter "205499583182" as the Account ID.
- Check the option to enable Require external ID and enter the ProsperOps provided external ID. This can be found in the ProsperOps Console as shown. Once done, click Next.
Please note, the external ID is AWS account specific.
- We're going to add an Inline policy after we create the role, so just click Next.
- No tags are required although you may enter tags if you choose. Click Next.
- Enter a Role name of "ProsperOps" (exactly as shown here, as it is case sensitive) and set the Role description to say "Used by ProsperOps - www.prosperops.com. Must remain in place for ProsperOps to function correctly. Email email@example.com for assistance." Then click Create role.
- Click on the newly created ProsperOps role to open the Role Summary screen then click on Add inline policy.
- Select the JSON tab, copy and paste the ProsperOps provided JSON policy from the ProsperOps Console into the editor, then click Review policy.
- Enter "ProsperOps" as the policy Name, then click Create policy.
- A ProsperOps IAM role has now been created with the necessary least privilege policy permissions.
- Return to the ProsperOps Console and click Validate Access for the AWS account that was just configured. Once you receive confirmation, ProsperOps access is complete! Repeat this process for all applicable AWS accounts.