Specifying Settings for New IAM Role

[This step applies if you selected the Create a new IAM Role option]

At the Role Settings step of the wizard, specify the following settings:

1. In the AWS Role Name field, specify a name for the IAM role. The IAM role will be created with the specified name in AWS.

2. Under Grant the following permissions, select check boxes next to permission sets that must be granted to the IAM role:

• Service Role — select this check box to grant permissions sufficient to launch worker instances.
• Policy Role — select this check box to grant permissions sufficient to perform backup.

The IAM role with this permission set will allow you to back up any instance or VPC configuration within the AWS account.

• Repository Role — select this check box to grant permissions sufficient to add Amazon S3 buckets as S3 repositories.

The IAM role with this permission set will allow you to add as an S3 repository any Amazon S3 bucket within the AWS account.

If you want the IAM role to have granular permissions, do not select check boxes (for example, you may want the IAM role to have permissions only on specific EC2 instances). In this case, after the IAM role is created, you can grant the necessary permissions to it in the IAM Management Console. To learn how to gran permissions to an IAM role, see AWS Documentation.

3. Provide one-time access keys of an IAM user that is authorized to create IAM roles in an AWS account.

The specified access keys determine in which AWS account the role will be created. For example, if you specify access keys of an IAM user from the initial AWS account, the IAM role will be created in the initial AWS account and will have permissions on AWS services and resources of the initial account.