Creating Workspot Cloud Configuration for AWS EC2

This article covers adding an AWS EC2 Cloud subscription to your Workspot deployment. It is part of the Getting Started with WorkSpot article series.

Create an IAM user in AWS.

Make sure user has programmatic access. Recommended not to have console access for this user.

Make sure user has following permission policies.

AWS Managed Permissions policies:

  • AmazonEC2FullAccess

  • AutoScalingFullAccess

  • AWSLicenseManagerConsumptionPolicy

Customer Managed Permission policies:

  • Allow creation of resource groups for dedicated hosts

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "VisualEditor0",
			"Effect": "Allow",
			"Action": [
				"resource-groups:SearchResources",
				"resource-groups:CreateGroup",
				"resource-groups:ListGroups"
			],
			"Resource": "*"
		},
			{
			"Sid": "VisualEditor1",
			"Effect": "Allow",
			"Action": "resource-groups:*",
			"Resource": "arn:aws:resource-groups:*:<AWS Account number>:group/*"
			}
] 
}

  • Additional License Manager permissions

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "license-manager:UpdateLicenseSpecificationsForResource",
                "license-manager:DeleteLicenseConfiguration",
                "license-manager:UpdateLicenseConfiguration",
                "license-manager:ListAssociationsForLicenseConfiguration",
                "license-manager:GetLicenseConfiguration",
                "license-manager:ListFailuresForLicenseConfigurationOperations",
                "license-manager:ListUsageForLicenseConfiguration"
            ],
            "Resource": "arn:aws:license-manager:*:<AWS Account number>:license-configuration:*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "license-manager:CreateLicenseConfiguration",
                "license-manager:ListLicenseConfigurations",
                "license-manager:ListLicenses",
                "license-manager:ListLicenseSpecificationsForResource"
            ],
            "Resource": "*"
        }
    ]
}
  • Additional Managed Gateway permissions

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "VisualEditor0",
			"Effect": "Allow",
			"Action": [
				"ssm:GetParameters",
				"ssm:GetParameter"
			],
			"Resource": "*"
		}
	]
}

Alternatively, You can create an IAM user group add these policies to the group and create an IAM user in the group.

- Login to Control, then go to Setup > Cloud and click on Add Public Cloud and fill the details.

- Enter a name for your AWS EC2 integration and select configuration type as Amazon Web Services.

- Provide the AWS console account number.

- Enter the Access key ID and Access key secret which you have saved before and click on save.

Related Documents