We laid out a few IAM configuration flavors: EC2, Lambda and EKS.
- EC2
- Lambda
- EKS
- Create an IAM Role with a trust policy allowing EC2 to assume the role:
aws iam create-role \
--role-name cloudparrot-ec2 \
--assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}'
- Create and attach an IAM policy document:
aws iam put-role-policy \
--role-name cloudparrot-ec2 \
--policy-name LookupEventsPolicy \
--policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "cloudtrail:LookupEvents",
"Resource": "*"
}
]
}'
- Create an IAM Role with a trust policy allowing Lambda to assume the role:
aws iam create-role \
--role-name cloudparrot-lambda \
--assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}'
- Create and attach an IAM policy document:
aws iam put-role-policy \
--role-name cloudparrot-lambda \
--policy-name LookupEventsPolicy \
--policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "cloudtrail:LookupEvents",
"Resource": "*"
}
]
}'
- Create an IAM Role with a trust policy for EKS worker nodes:
aws iam create-role \
--role-name cloudparrot-eks \
--assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}'
- Create and attach an IAM policy document:
aws iam put-role-policy \
--role-name cloudparrot-eks \
--policy-name LookupEventsPolicy \
--policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "cloudtrail:LookupEvents",
"Resource": "*"
}
]
}'
If your desired runtime is not in this list, please email us at support@cloudparrot.ai
Previous: ← Getting Started
Next: Slack Configuration →