Creating Role Using AWS User Interface

This section explains the steps to set up the Prod-Xacc-Access role in the Prod AWS account.
AWS accounts require access to AWS resources or APIs. In this example, the Avi Load Balancer Controller is hosted in the IT account (AWS account ID – 123456789012) and the Avi Load Balancer Service Engine cloud provides data path services in the Prod account (AWS account ID – 112233445566). Use the account IDs and resource ARNs that are applicable to your environment while following this guide. Cross-account setup is explained in Delegate Access Across AWS Accounts Using IAM Role.
  1. In the Prod account, set up the Prod-Xacc-Access role, which will be a cross-account role. Navigate to IAM > Roles and click Create New Role.
  2. Select Another AWS account, provide the Account ID, and click Next: Permissions. For Account ID, enter the AWS account ID of the AWS account which can assume this role. In this example, it is the IT account (AWS account ID – 123456789012). You can choose Require MFA based on your requirement.
  3. Select the policies required by the Prod-Xacc-Access role to create the Avi Load Balancer SE for providing Avi Load Balancer functionality, and click Review. The following are the policies attached to this role in this reference section:
    • AviController-EC2-Policy
    • AviController-IAM-XAccess-Policy
    • AviController-R53-Policy
    • AviController-S3-Policy
    • vmimport-role-policy
  4. Provide the Role name (Prod-Xacc-Access) and Role description (optional), and click Create Role.
    To summarize, for the Prod-Xacc-Access role, the role ARN will be displayed as arn:aws:iam::112233445566:role/Prod-Xacc-Access. Ensure that the format is arn:aws:iam::account-id:role/role-name.
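
After the role is created, its ARN and trust relationship can be checked against what steps 2 and 4 intended. The following is an added example, not part of the original guide or of Avi Load Balancer: the function names are hypothetical, and the sample trust policy is constructed, assuming the usual document shape for a role that trusts another AWS account.

```python
import json
import re

# Format from the page: arn:aws:iam::account-id:role/role-name
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@-]+)$")

def parse_role_arn(arn):
    """Return (account_id, role_name), or raise ValueError if malformed."""
    m = ROLE_ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not a role ARN: {arn!r}")
    return m.group(1), m.group(2)

def audit_trust_policy(policy, trusted_account, require_mfa=False):
    """Return a list of findings for a role's trust policy document."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principals = stmt.get("Principal", {})
        if principals == "*":
            principals = {"AWS": "*"}
        aws = principals.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        for p in aws:
            # A principal is a bare account ID or an ARN inside that account.
            m = re.match(r"^(?:arn:aws:iam::)?(\d{12})(?::.*)?$", p)
            if p == "*" or not m:
                findings.append(f"principal {p!r} is not a specific account")
            elif m.group(1) != trusted_account:
                findings.append(f"unexpected trusted account {m.group(1)}")
        cond = stmt.get("Condition", {}).get("Bool", {})
        mfa = cond.get("aws:MultiFactorAuthPresent")
        if require_mfa and str(mfa).lower() != "true":
            findings.append("Require MFA is expected but not enforced")
    return findings

# Constructed sample: trust policy for "Another AWS account" with the
# IT account ID used on this page and Require MFA left unselected.
SAMPLE_TRUST = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
                "Action": "sts:AssumeRole"}]}
""")

if __name__ == "__main__":
    print(parse_role_arn("arn:aws:iam::112233445566:role/Prod-Xacc-Access"))
    print(audit_trust_policy(SAMPLE_TRUST, "123456789012", require_mfa=True))
```

An empty list means the role trusts only the expected account; any finding is a reason to review the role's trust relationship before the Controller uses it.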