You must configure credentials in Amazon AWS with the permissions required for vRealize Automation to manage your environment.
You must have certain Amazon access rights to successfully provision machines by using vRealize Automation.
Role and Permission Authorization in Amazon Web Services
The Power User role in AWS provides an AWS Directory Service user or group with full access to AWS services and resources.
You do not need any AWS credentials to create an AWS endpoint in vRealize Automation. However, the AWS user who creates an Amazon machine image is expected by vRealize Automation to have the Power User role.
Authentication Credentials in Amazon Web Services
The AWS Power User role does not allow management of AWS Identity and Access Management (IAM) users and groups. For management of IAM users and groups, you must be configured with AWS Full Access Administrator credentials.
vRealize Automation requires access keys for endpoint credentials and does not support user names and passwords. To obtain the access key needed to create the Amazon endpoint, the Power User must either request a key from a user who has AWS Full Access Administrator credentials or be additionally configured with the AWS Full Access Administrator policy.
For information about enabling policies and roles, see the AWS Identity and Access Management (IAM) section of Amazon Web Services product documentation.