Privacera Documentation

AWS Access with IAM role on PrivaceraCloud

You can use an IAM role trust relationship to let PrivaceraCloud access your AWS resources.

Start by creating or revising an AWS IAM Role in your AWS Account such that it has full access to the data resources to be connected to your PrivaceraCloud account.

Modify this IAM Role to include a trust relationship with the PrivaceraCloud AWS access role:

"arn:aws:iam::870790086151:role/PCLOUD_DATA_ACCESS_ROLE"

This configuration can be done in the AWS Console:

  1. Open the AWS IAM Management Console.

  2. Open Roles and open the role with access to your data resources.

  3. Open the Trust relationships tab and click Edit trust relationship.

  4. Add a new policy document as shown below. For additional security, an external ID can be configured on your IAM role. This ensures that PrivaceraCloud can assume your IAM role only when the configured external ID is passed in the AssumeRole request.

    Policy without External ID:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": ["arn:aws:iam::870790086151:role/PCLOUD_DATA_ACCESS_ROLE"],
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

    Policy with External ID:

    Note

    The external ID is stored encrypted. It is never reflected back to the UI or otherwise made visible.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": ["arn:aws:iam::870790086151:role/PCLOUD_DATA_ACCESS_ROLE"],
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "<configured-external-id>"
            }
          }
        }
      ]
    }
  5. Click Update Trust Policy to save this revision.

  6. Use this updated IAM role when configuring IAM trust role access to PrivaceraCloud.
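The following added example (not Privacera's code) builds the two trust policy documents shown above and audits an existing trust policy for the weakness the external ID is meant to close: an Allow statement that lets the PrivaceraCloud role call sts:AssumeRole without a real sts:ExternalId condition. The function names and the audit rules are this example's own assumptions; the role ARN and policy shape come from the page.

```python
import json

# ARN of the PrivaceraCloud access role, as given on the page.
PRIVACERA_ROLE_ARN = "arn:aws:iam::870790086151:role/PCLOUD_DATA_ACCESS_ROLE"


def build_trust_policy(external_id=None):
    """Return the page's trust policy document as a dict.

    With external_id=None this is the 'Policy without External ID';
    otherwise the sts:ExternalId condition shown on the page is added.
    """
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": [PRIVACERA_ROLE_ARN], "Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }
    if external_id is not None:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def audit_trust_policy(policy):
    """Audit a trust policy (dict or JSON string); return a list of findings.

    Hypothetical check: flag any Allow statement that grants sts:AssumeRole
    to the PrivaceraCloud role (or to '*') without a concrete sts:ExternalId
    value. A placeholder such as '<configured-external-id>' is also flagged.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for idx, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = st.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        if PRIVACERA_ROLE_ARN not in aws and "*" not in aws:
            continue
        ext_id = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext_id or ext_id.startswith("<"):
            findings.append(f"statement {idx}: AssumeRole allowed without a real sts:ExternalId")
    return findings
```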