Create the cluster operator, Secure Agent, master, and worker roles, and create the appropriate policies for each role to perform cluster operations in the AWS environment.
To create the IAM roles, complete the following tasks:
1. Create the cluster operator role.
2. Create the cluster operator policy.
3. Attach the cluster operator policy to the cluster operator role.
4. Configure the maximum CLI/API session duration for the cluster operator role.
5. Create or reuse the Secure Agent role.
6. Add the AssumeRole permission to the Secure Agent role.
7. Configure the trust relationship for the cluster operator role to include the Secure Agent role.
8. Create user-defined master and worker roles.
9. Optionally, encrypt staging data and log files at rest.
10. Optionally, create role-based security policies for Amazon data sources.
11. Create or reuse a cluster storage access policy for the Secure Agent role.
To minimize the Secure Agent's permissions in your environment, avoid attaching the cluster operator role directly to the Secure Agent machine. The Secure Agent role should instead assume the cluster operator role through the AssumeRole permission and trust relationship configured above.
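The following added example (not Informatica's code or documentation) shows the two IAM documents at the heart of the Secure Agent to cluster operator relationship described in the steps above: the trust policy on the cluster operator role that names the Secure Agent role as its only principal, and the inline permission on the Secure Agent role that allows it to call sts:AssumeRole on the cluster operator role only. It also includes a small least-privilege check of the kind a reviewer would run on the trust policy, and a range check for the maximum session duration. All account IDs, role names and ARNs are constructed placeholders; the cluster operator permission policy itself is not shown because its contents are not part of this page.

```python
"""Build and sanity-check the IAM documents for the Secure Agent -> cluster operator
AssumeRole relationship.  Every ARN, account ID and role name here is a constructed
placeholder; substitute your own values before use."""
import json

ACCOUNT_ID = "123456789012"                      # constructed placeholder account
SECURE_AGENT_ROLE = "secure-agent-role"          # assumed name for the Secure Agent role
CLUSTER_OPERATOR_ROLE = "cluster-operator-role"  # assumed name for the cluster operator role
SECURE_AGENT_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/{SECURE_AGENT_ROLE}"
CLUSTER_OPERATOR_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/{CLUSTER_OPERATOR_ROLE}"

# IAM accepts MaxSessionDuration values between 3600 and 43200 seconds (1 to 12 hours).
MIN_SESSION, MAX_SESSION = 3600, 43200


def cluster_operator_trust_policy(agent_role_arn: str) -> dict:
    """Trust relationship for the cluster operator role: only the given Secure Agent
    role may call sts:AssumeRole on it (step 7 above)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": agent_role_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def secure_agent_assume_role_policy(operator_role_arn: str) -> dict:
    """Inline permission policy for the Secure Agent role: it may assume the cluster
    operator role and nothing else from this statement (step 6 above)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": operator_role_arn,
        }],
    }


def trust_policy_issues(policy: dict, expected_principal: str) -> list[str]:
    """Return the least-privilege problems found in a trust policy (empty list = OK).

    Flags the mistakes that quietly widen who can become the cluster operator:
    a wildcard or account-root principal, a principal other than the Secure Agent
    role, and actions beyond sts:AssumeRole."""
    issues = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws_principal = principal if isinstance(principal, str) else principal.get("AWS", "")
        principals = [aws_principal] if isinstance(aws_principal, str) else list(aws_principal)
        for p in principals:
            if p == "*" or p.endswith(":root"):
                issues.append(f"overly broad principal {p!r}")
            elif p != expected_principal:
                issues.append(f"unexpected principal {p!r}")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        for a in actions:
            if a != "sts:AssumeRole":
                issues.append(f"unexpected action {a!r}")
    return issues


def valid_session_duration(seconds: int) -> bool:
    """True if the value is one IAM accepts for MaxSessionDuration (step 4 above)."""
    return MIN_SESSION <= seconds <= MAX_SESSION


if __name__ == "__main__":
    trust = cluster_operator_trust_policy(SECURE_AGENT_ROLE_ARN)
    perms = secure_agent_assume_role_policy(CLUSTER_OPERATOR_ROLE_ARN)
    # These documents are what you pass to `aws iam create-role --assume-role-policy-document`
    # and `aws iam put-role-policy --policy-document` respectively.
    print(json.dumps(trust, indent=2))
    print(json.dumps(perms, indent=2))
    print("trust policy issues:", trust_policy_issues(trust, SECURE_AGENT_ROLE_ARN))
    # A trust policy that trusts the whole account root is flagged by the check:
    broad = cluster_operator_trust_policy(f"arn:aws:iam::{ACCOUNT_ID}:root")
    print("broad policy issues:", trust_policy_issues(broad, SECURE_AGENT_ROLE_ARN))
```

The point of the check is the note above: the cluster operator role is never attached to the Secure Agent machine, so the only path to its permissions is this trust policy, and anything broader than the single Secure Agent role ARN (the account root, a wildcard, or extra actions) hands those permissions to more principals than intended. The same generated JSON works with `aws iam create-role --max-session-duration` to set the session limit from step 4.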