From fa82cc527a1d64ec176142329b9349baa93166a5 Mon Sep 17 00:00:00 2001 From: Nadine Dove <100526941+NadineDove@users.noreply.github.com> Date: Wed, 26 Oct 2022 12:56:03 +0300 Subject: [PATCH] Create Use access token from keycloak.md --- Docs/Use access token from keycloak.md | 95 ++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 Docs/Use access token from keycloak.md diff --git a/Docs/Use access token from keycloak.md b/Docs/Use access token from keycloak.md new file mode 100644 index 0000000..f5281d7 --- /dev/null +++ b/Docs/Use access token from keycloak.md @@ -0,0 +1,95 @@ +## Configuring ZIC To Use Access Token from Keycloak + +Zerto In-Cloud overcomes the AWS 20 concurrent snapshot copy limits between source and target regions by allowing you to use multiple AWS Accounts as Scale Accounts. Scale Accounts effectively multiply the number of concurrent snapshots that can be replicated for much lower RPOs. + +Use these steps to configure Zerto In-Cloud an IAM Policy and assign roles for ZIC Scale Accounts. + +1. Log into the scale account. +2. Navigate to **IAM - Policies**. +3. Create a Policy. +4. Create Roles. + +#### Create a Policy + +1. Navigate to the JSON tab, copy and paste the following: +```{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": + "VisualEditor0", + "Effect": "Allow", + "Action": [ + "ec2:CopySnapshot", + "ec2:DeleteSnapshot", + "ec2:CreateSnapshots", + "ec2:ModifySnapshotAttribute", + "ec2:DescribeInstanceTypeOfferings", + "ec2:CreateVolume", + "ec2:AttachVolume", + "ec2:DetachVolume", + "ec2:ModifyVolume", + "ec2:DeleteVolume", + "ec2:CreateTags", + "ec2:RunInstances", + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DescribeVolumeStatus", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "ec2:ModifyInstanceAttribute", + "ec2:RunInstances", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:StartInstances", + "ec2:TerminateInstances", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:StopInstances", + "dynamodb:DescribeTable", + "dynamodb:CreateTable", + "dynamodb:PutItem", + "dynamodb:Scan", + "dynamodb:GetItem", + "dynamodb:DeleteItem", + "dynamodb:Query", + "dynamodb:BatchGetItem", + "dynamodb:DeleteTable", + "dynamodb:ListTables", + "sts:AssumeRole", + "iam:passRole", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKeyWithoutPlainText", + ], + "Resource": "*" + } + ] +} +``` +2. Name the policy **ZicScaleAccountPolicy** and **Save**. + +#### Create Roles + +1. Go to **Roles**. +2. Create role - **Another AWS account**. +3. In **Account ID** insert the Deployment account. Click **Next**. +![Create_role](Images/ZIC_create_Role.png?raw=true) + +4. Select the policy you created. Click **Next**. + +![Create_Policy](Images/ZIC_create_Policy.png?raw=true) + +5. Name the Role **ZicScaleAccountRole**. + +![ZicScaleAccountRole](Images/ZIC_ZicScaleAccountRole.png?raw=true)