Hi @Atul Aggarwal, You have 2 options: using key-based or role-based credentials. Key-based credential: you can set your AWS keys of an IAM user with an "AssumeRole" policy in the Profile file. In this case you don't need the instance profile export AWS_ACCESS_KEY_ID=AKIA**************W7SA
export AWS_SECRET_ACCESS_KEY=RWCT4Cs8******************/*skiOkWD This iam user has the generate-role policy next to the assume-role policy. in this case you can use the following command to generate an iam role for cloudbreak with the following cbd commands: cbd aws generate-role - Generates an AWS IAM role for Cloudbreak provisioning on AWS
cbd aws show-role - Show assumers and policies for an AWS role
cbd aws delete-role - Deletes an AWS IAM role, removes all inline policies After the role generation you can use the generated role for the credential creation from cb shell: credential create --AWS --name cloudbreak --roleArn "arn:aws:iam::xxxx:role/cbreak-deployer" --sshKeyString "xxxxx" --publicInAccount true If you use the roleArn for credential creation, you don't need to use the accesskey and secretkey in the command. Role-based credential: You can create an IAM user with "AssumeRole" policy. The "generate-role" policy will be necessary here as well. To configure role-based credentials, start your instance with an "AssumeRole" policy. For more information, see Using Instance Profiles and Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances. In this case you don't need to set the aws access and secret key in the Profile file. After this the 3-4 steps from the Key based credential have to be executed. You can find the details in the documentation here: http://sequenceiq.com/cloudbreak-docs/latest/aws/#configure-role-based-credentials
... View more
