Prerequisites

  • Configure at least one virtual appliance (VA) cluster and successfully test the connection.

  • IAM role authentication requires an AWS EC2 instance to perform aggregation and provisioning operations.

  • Create a customer-managed or inline policy in each AWS account that you want to manage, using the policy document specified in Multiple Group Object Source Policies and Non Multiple-group Object Source Policies.

  • Create Cross Account Roles in each AWS account that you want to manage and attach the appropriate policies to the role.

  • Based on the authentication method, create the IAM user or IAM role and assign it the permissions required to assume all of the cross-account roles.

  • For each AWS cross-account role, establish the trust relationship with the IAM user or IAM role.

    Note
    Create the cross-account role with the same name in every AWS account and assign the permissions described above.

  • The AWS System Administrator can refine the Permission Policies as needed.

  • The IMDS hop limit (HttpPutResponseHopLimit) must be set to 2. Example of the expected output:

    aws ec2 --profile dev describe-instances --instance-id i-0c42f9be78225a897 --query 'Reservations[].Instances[].MetadataOptions'
    [
        {
            "State": "applied",
            "HttpTokens": "required",
            "HttpPutResponseHopLimit": 2,
            "HttpEndpoint": "enabled",
            "HttpProtocolIpv6": "disabled",
            "InstanceMetadataTags": "disabled"
        }
    ]
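The following is an added example, not part of this documentation or of the product's own code: it checks the MetadataOptions output above against the hop-limit prerequisite and builds the two policy documents the cross-account role prerequisites describe. The sample output, the role name and the principal ARN are constructed placeholders.

```python
import json

# Constructed sample (not real output) of
#   aws ec2 describe-instances --query 'Reservations[].Instances[].MetadataOptions'
# for two instances: the first matches the expected output above, the second still has
# the EC2 default hop limit of 1, so a process one network hop away (e.g. a container
# on the instance) never receives the IMDSv2 PUT token response.
SAMPLE_METADATA_OPTIONS = json.loads("""
[
  {"State": "applied", "HttpTokens": "required", "HttpPutResponseHopLimit": 2,
   "HttpEndpoint": "enabled", "HttpProtocolIpv6": "disabled", "InstanceMetadataTags": "disabled"},
  {"State": "applied", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1,
   "HttpEndpoint": "enabled", "HttpProtocolIpv6": "disabled", "InstanceMetadataTags": "disabled"}
]
""")


def imds_problems(options):
    """Return the prerequisite violations for one MetadataOptions object (empty list = OK)."""
    problems = []
    if options.get("HttpEndpoint") != "enabled":
        problems.append("HttpEndpoint is not enabled; the instance role's credentials cannot be read")
    if options.get("HttpPutResponseHopLimit") != 2:
        problems.append("HttpPutResponseHopLimit must be 2, found %r" % options.get("HttpPutResponseHopLimit"))
    return problems


def cross_account_role_policies(role_name, principal_arn):
    """Build the trust policy attached to the cross-account role in each managed account
    and the permission the aggregating IAM user/role needs to assume it. The '*' account
    id in the Resource ARN is the reason every account must use the same role name."""
    trust_policy = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": principal_arn},
                       "Action": "sts:AssumeRole"}],
    }
    assume_policy = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                       "Resource": "arn:aws:iam::*:role/" + role_name}],
    }
    return trust_policy, assume_policy


if __name__ == "__main__":
    for i, opts in enumerate(SAMPLE_METADATA_OPTIONS):
        print("instance %d: %s" % (i, imds_problems(opts) or "OK"))
    # Placeholder role name and principal ARN (123456789012 is a documentation example account).
    trust, assume = cross_account_role_policies("CrossAccountAggregationRole",
                                                "arn:aws:iam::123456789012:user/aggregation-user")
    print(json.dumps(trust, indent=2)); print(json.dumps(assume, indent=2))
```

Substitute the real instance output and the actual role name and principal ARN; the generated trust policy goes on the role in every managed account, the assume policy on the IAM user or role that performs aggregation.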