Ylastic and IAM role for cross AWS account access

Ylastic uses IAM roles provided by you to access and manage AWS account resources. There are two ways to create the role.

  • Manual Configuration - You can create an IAM role, assign permissions (choose the perms from one of the sample policies listed in this section), and set up trust relationship with Ylastic.

  • Automatic Configuration - You also have the option to quick create the IAM role and necessary permissions by using the quick create links. These are links to CloudFormation Templates that can create, assign perms and configure the role. All you have to do is select the link. That will take you to the template launch page. Click to create and configure a new IAM role in the AWS account that you are logged in.

    • Read only link creates a role which can view all the pages in Ylastic but cannot modify anything, and also cannot run any scheduled tasks.
    • Administrator link creates a role which can perform all functions in Ylastic and run scheduled tasks.

FAQ

  • The IAM permissions required in Ylastic will change from time to time as we add more services or enhance the existing feature set. If this is the case, you can remove the IAM role and re-create it using the quick links. The Cloudformation templates used will always be updated to reflect the latest set of perms needed.

  • To remove the IAM role all you have to do is delete the CloudFormation stack. That will automatically remove the IAM role.