We have had a number of requests for assistance with IAM role creation lately (required as part of the Hub signup process).

I have had a look and although the AWS UI has changed a little and isn't quite as simple as it used to be, the Hub's step-by-step instructions still appear to mostly be correct. The instructions aren't really verbose and there are some minor changes so some of the steps don't exactly match what AWS now provides.

So whilst the process to set up the IAM role is pretty much the same as it was and the Hub instructions more-or-less match what is required, they don't exactly match. In an effort to improve this, I have gone through step-by-step and taken screenshots and described the process below.

Note: because I already have the default IAM role name (turnkeyhub) and CloudFormation stack name (turnkeyhub-iamrole) registered in my AWS account, I've had to rename them (to turnkeyhub2 and turnkeyhub-iamrole2 respectively). I have not highlighted these changes in the screenshots as by default changes are not needed (but can be done if you have reason to; i.e. you can follow my lead if you want and so long as you use the new names consistently, all will be well). So only the parts I've highlighted need to be done.

Important Note: The ExternalID should remain secret! I've left mine visible in the screenshots so it's easy for users to see exactly what is going on, but I have since deleted this IAM role from my AWS account.


The Hub "welcome/setup page":


Step 1

A) Launch the turnkeyhub-iamrole stack, and click Next.

Click the text link and you should see this page:

As noted, click "Next" (Orange button - highlighted in screenshot).


B) In the parameters section, insert the External Id: <YOUR_EXTERNAL_ID_HERE>, and click Next.

Note: copy your "External Id" from the Hub page (it's in yellow text - see the top screenshot on this page for reference) and paste it into the relevant box (highlighted in the screenshot below). Yours will be different to mine - use yours, not mine! (Also keep this private.)

As noted, click "Next" (Orange button - highlighted in screenshot).


C) In the options section, click Next.

Scroll to the bottom of the page.

And click "Next" (Orange button - highlighted in screenshot below).


D) Check the I acknowledge that AWS CloudFormation might create IAM resources, and click Create.

Again, scroll to the bottom of the page.

Click in the box next to "I acknowledge ..." (highlighted with arrow in screenshot below) and then click the "Create stack" button (Orange button - highlighted in the screenshot below).


Step 2: Register the Role ARN with the Hub

Click the refresh button (circular arrow icon; as highlighted in screenshot below).

If need be, re-click the refresh button until you see the process has completed. You should see something like this:


A) Click on the Output[s] section in cloudformation stack so it unfolds [tab]

The "Outputs" tab is highlighted in the screenshot below; as is the ARN that you need to copy/paste back into the Hub in the next step.


B) Copy/paste the IAM Role ARN into the form below, and click Submit Authorization.

Copy the ARN from the AWS page (as highlighted in above screenshot) back into the relevant box within the Hub (as noted in screenshot below).

Then click the "Submit Authorization" button (as highlighted in screenshot above).


AWS setup should now be complete!


Final note: DO NOT delete the turnkeyhub-iamrole stack as this will also delete the IAM role!