Before you provision instances with Amazon AWS, you must have Amazon machine images and instance types associated with your Amazon AWS account.
The vRealize Automation access rights that you need to perform tasks such as creating endpoints, reservations, and blueprints, and requesting machine provisioning are described for the applicable vRealize Automation tasks in this guide. However, you must also be configured in Amazon Web Services (AWS) to perform related endpoint tasks.
Role and Permission Authorization in Amazon Web Services
The Power User role in AWS provides an AWS Directory Service user or group with full access to AWS services and resources.
You do not need any AWS credentials to create an AWS endpoint in vRealize Automation. However, the AWS user who creates an Amazon machine image is expected by vRealize Automation to have the Power User role.
Authentication Credentials in Amazon Web Services
The AWS Power User role does not allow management of AWS Identity and Access Management (IAM) users and groups. For management of IAM users and groups, you must be configured with AWS Full Access Administrator credentials.
vRealize Automation requires access keys for endpoint credentials and does not support user names and passwords. To obtain the access key needed to create the Amazon endpoint, the Power User must either request a key from a user who has AWS Full Access Administrator credentials or be additionally configured with the AWS Full Access Administrator policy.
For information about enabling policies and roles, see the AWS Identity and Access Management (IAM) section of Amazon Web Services product documentation.