Creating a Cloudbreak Credential on AWS
Also available as:

Create CredentialRole

In order to use role-based authentication, you must create the CredentialRole on AWS.

Use the following “CbPolicy” policy definition:

    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Action": [
            "Resource": [
            "Effect": "Allow",
            "Action": [
            "Resource": [
            "Effect": "Allow",
            "Action": [
            "Resource": [
            "Effect": "Allow",
            "Action": [
            "Resource": [
            "Effect": "Allow",
            "Action": [
            "Resource": "*"


  1. Navigate to the IAM console > Roles and click Create Role:

  2. In the “Create Role” wizard, select Another AWS account role type. Next, provide the following:
    • In the Account ID field, enter your AWS account ID.
    • Under Options, check Require external ID.
    • In the External ID, enter “provision-ambari”.

  3. When done, click Next: Permissions to navigate to the next page in the wizard.
  4. Click Create policy and the create policy wizard will open in a new browser tab:

  5. Select the JSON view, and copy and paste the policy definition. You can either copy it from the section preceding these steps or download and copy it from here:

  6. When done, navigate to Review policy.
  7. On the Review policy page, in the Name field, enter a name for your policy, such as "CbPolicy":

  8. When done, click Create Policy.
  9. Return to the previous browser tab where you started creating a new role (since the create policy wizard was opened in a new browser tab).
  10. Click Refresh. Next, find the “CbPolicy” that you just created and select it by checking the box:

  11. When done, click Next: Review.
  12. In the Roles name field, enter role name, for example “CredentialRole”.

  13. When done, click Create role to finish the role creation process.

Once you are done, you can proceed to launch Cloudbreak.