The next step is to create a Role and a Policy. The purpose of these is to give your AWS Cloud AMI Instance permission to read the Keys you just entered in the last step. Without the correct Role and Policy, the AWS Instance will not be assigned to your remote.it account, as remote.it will not be able to read the Parameter Store.
The Role and Policy only have to be created once per environment. For any future remote.it AWS Instances, simply select the Role and Policy you made previously.
1. Access the Identity and Access Management (IAM) console within AWS.
2. Click Roles under Access management.
3. Click the blue Create role button.
4. Under Choose a use case, select EC2.
5. Click the blue Next: Permissions button.
6. On the Permissions tab, click Create policy. A new tab will open.
7. Click the JSON tab and replace the code with this text:
"Resource": "arn:aws:ssm:*:<insert account ID>:parameter/remoteit/*"
Your page should look like this:
You must enter your 12 digit AWS account ID into the text where it says <insert account ID>. Without your account ID the setup will fail.
8. Click Review policy and give it a name and description.
9. Click Create policy.
The Policy has been created! Now it's time to finish creating the Role.
10. Close the Policy tab and click back to the Roles tab you started at.
11. Search for the Policy you just created.
12. Check the Policy, then click Next: Tags.
Giving the Role a tag isn't necessary, but you can add a tag if you wish.
13. Click Next: Review and give your role a name and description.
14. Click Create role.
You've created the Role. This Role will now grant access to your secure keys within the Parameter Store whenever you assign it to an Instance.