Step 2 - Create a role


Following on from Creating a policy, you now need to create a role in AWS that uses that policy. You then need to inform EDB Postgres AI of the role ARN so that it can access the RDS and S3 metadata in your AWS account.

  1. Go to the AWS console UI, and in the left-hand navigation pane, choose Roles and then select the Create role button.

  2. Select the Custom trust policy role type.

  3. In the Custom trust policy section, paste the trust policy you obtained from Step 2 in the Cloud Hosted Databases UI. It looks similar to this:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::292478331082:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "<project-id>"
            }
          }
        }
      ]
    }

    Note: The EDB Postgres AI Cloud Hosted Databases UI shows a snippet like the one above but with the <project-id> already specified.

  4. Select the Next button.

  5. Select the policy you created earlier. In this example, we used edb-postgres-ai-addon-policy.

  6. Select the Next button.

  7. Give the role a name. The name must start with biganimal-role, such as biganimal-role-beacon.

  8. Select the Create role button.

  9. Still in the AWS console, select the View role button in the green banner at the top of the Roles dashboard.

  10. Copy the role ARN from the Summary section of the Role page in the AWS console and paste it into the form at the bottom of the Cloud Hosted Databases UI labeled Role ARN.

  11. Select the Next: Regions and Services button in the Cloud Hosted Databases UI to move to Step-3: Regions and Services.
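
Before pasting the trust policy in step 3 and naming the role in step 7, you can check both locally. The following is an added example, not EDB's or AWS's code: it verifies that the policy trusts only the principal shown above, allows only sts:AssumeRole, and carries a filled-in sts:ExternalId condition, and that the role name has the required prefix. The function names and the sample project ID are assumptions made for illustration.

```python
import json

REQUIRED_ROLE_PREFIX = "biganimal-role"              # naming rule from step 7
PAGE_PRINCIPAL = "arn:aws:iam::292478331082:root"    # principal shown in step 3

def as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, role_name, expected_principal=PAGE_PRINCIPAL):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not role_name.startswith(REQUIRED_ROLE_PREFIX):
        problems.append(f"role name must start with {REQUIRED_ROLE_PREFIX}")
    statements = as_list(json.loads(policy_json).get("Statement", []))
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        problems.append("no Allow statement")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if aws != [expected_principal]:
            problems.append(f"statement {i}: unexpected principal {aws}")
        if as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            problems.append(f"statement {i}: action is not exactly sts:AssumeRole")
        # Only a StringEquals condition is accepted; other operators
        # (for example StringLike) are reported as a missing ExternalId.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext_ids = as_list(equals.get("sts:ExternalId", []))
        if not ext_ids or any(not e or str(e).startswith("<") for e in ext_ids):
            problems.append(f"statement {i}: sts:ExternalId missing or still a placeholder")
    return problems

def sample_policy(external_id=None):
    """Constructed sample shaped like the snippet in step 3."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": PAGE_PRINCIPAL}, "Action": "sts:AssumeRole"}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    # "prj_constructed_example" is a constructed project ID, not a real one.
    print(check_trust_policy(sample_policy("prj_constructed_example"), "biganimal-role-beacon"))
    print(check_trust_policy(sample_policy("<project-id>"), "beacon-role"))
```

A trust policy without the sts:ExternalId condition would let any caller in the trusted account assume the role on behalf of any project, so treat a missing or placeholder value as a blocking problem.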

