Before you configure VMware Cloud Director Object Storage Extension with AWS, activate policy types in your AWS organization and create a specific policy for the IAM user that you use for the configuration with VMware Cloud Director Object Storage Extension.

Procedure

  1. Activate policy types for the AWS organization that you will configure with VMware Cloud Director Object Storage Extension.
  2. Create a policy with AWS STS Full Access privileges.
    1. In a Web browser, go to the AWS IAM Console at https://console.aws.amazon.com/iam/home and sign in.
    2. On the Access Management tab, in the left navigation pane, click Policies.
    3. In the details pane on the right side, click Create Policy.
    4. If you use the visual editor, select STS Service, All STS actions, and All Resources.
      If you use the JSON editor, enter the following string:
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": "sts:*",
                  "Resource": "*"
              }
          ]
      }
    5. Click Review Policy.
    6. To save the policy, enter a name for the policy, for example, STSFullAccess.
  3. Assign permissions to the IAM user that you will use for configuring VMware Cloud Director Object Storage Extension with AWS.
    Important: Create an Identity and Access Management (IAM) user for your AWS payer account and use that IAM user, rather than the payer account itself, to establish the connection between AWS and VMware Cloud Director Object Storage Extension.
    Assign the following permissions to the IAM user:
    • Amazon S3 Full Access
    • AWS Organizations Full Access
    • AWS IAM Full Access
    • AWS STS Full Access (user-defined)
    • AWS Key Management Service Power User

    For more information, see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html.
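Before you start the configuration, you can confirm that the IAM user carries every permission listed in step 3. The following pre-flight check is an added example, not part of the VMware or AWS documentation. It assumes the listed permissions map to the AWS managed policies named in `REQUIRED_MANAGED`, and it takes input in the shape returned by the IAM `ListAttachedUserPolicies` API; the sample data and account ID are constructed.

```python
import json

# Assumed mapping of the page's permission list to AWS managed policy names.
REQUIRED_MANAGED = {"AmazonS3FullAccess", "AWSOrganizationsFullAccess",
                    "IAMFullAccess", "AWSKeyManagementServicePowerUser"}
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only values IAM accepts

def _as_list(value):
    return value if isinstance(value, list) else [value]

def grants_sts_full_access(policy_doc):
    """True if an unconditional Allow statement grants sts:* on all resources."""
    doc = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    # IAM treats a missing Version as 2008-10-17; any other value is rejected.
    if doc.get("Version", "2008-10-17") not in VALID_VERSIONS:
        return False
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & {"sts:*", "*"} and "*" in _as_list(stmt.get("Resource", [])):
            return True
    return False

def preflight(attached_policies, customer_docs):
    """Return the permissions from step 3 that the user is still missing.

    attached_policies: the AttachedPolicies list from ListAttachedUserPolicies.
    customer_docs: {policy name: policy document} for customer-managed policies.
    """
    names = {p["PolicyName"] for p in attached_policies}
    missing = sorted(REQUIRED_MANAGED - names)
    if not any(grants_sts_full_access(doc)
               for name, doc in customer_docs.items() if name in names):
        missing.append("STS full access (user-defined)")
    return missing

# Constructed sample: the user-defined STS policy and a user missing the KMS policy.
SAMPLE_STS_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:*", "Resource": "*"}]}
SAMPLE_ATTACHED = [
    {"PolicyName": "AmazonS3FullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"},
    {"PolicyName": "AWSOrganizationsFullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess"},
    {"PolicyName": "IAMFullAccess", "PolicyArn": "arn:aws:iam::aws:policy/IAMFullAccess"},
    {"PolicyName": "STSFullAccess", "PolicyArn": "arn:aws:iam::123456789012:policy/STSFullAccess"},
]

if __name__ == "__main__":
    print(preflight(SAMPLE_ATTACHED, {"STSFullAccess": SAMPLE_STS_DOC}))
```

An empty result means the user matches the list in step 3. Because these policies grant broad access across the organization, use this IAM user only for the Object Storage Extension connection.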

What to do next

You can now configure VMware Cloud Director Object Storage Extension with AWS.