Creating a UMS group and machine users
This procedure ensures that the CDP machine user gets permission to access the tenant bucket.
Repeat the following steps for each tenant:
In Management Console, create a User Management Service (UMS) group, for example group-tenant-1.
, click CREATE GROUP and
In add this UMS machine user to
, search for and select your srv_machine_<env
- In , select an environment , and click .
- Click + to add a mapping, select the Group-tenant-1 and Role-tenant-1, and specify the role ARN (copied from the IAM role page on AWS).
Synchronize your group changes with FreeIPA by performing a user sync per environment: In the RAZ-enabled environment, click
The UMS machine user gets the permission to access the tenant-specific container.
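
Because the steps are repeated by hand for each tenant, it is worth auditing the resulting group-to-role mappings before you sync. The following check is an added example, not part of the original procedure or of any Cloudera tooling. It assumes the mappings have been written out as (group, role ARN) pairs, that each tenant has exactly one group and one role, and the function name, account ID and sample values are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of an IAM role ARN: partition, 12-digit account ID, optional path, role name.
ROLE_ARN = re.compile(r"^arn:(aws|aws-us-gov|aws-cn):iam::\d{12}:role/[\w+=,.@/-]+$")


def audit_mappings(mappings):
    """Return findings for a list of (ums_group, role_arn) pairs.

    Assumption of this example: one UMS group and one IAM role per tenant,
    so a role reached from two groups, or a group mapped to two roles,
    breaks tenant isolation.
    """
    findings = []
    groups_by_role = defaultdict(set)
    roles_by_group = defaultdict(set)

    for group, arn in mappings:
        # Catches a role *name* pasted where the full ARN is required.
        if not ROLE_ARN.match(arn):
            findings.append(f"{group}: malformed role ARN {arn!r}")
            continue
        groups_by_role[arn].add(group)
        roles_by_group[group].add(arn)

    for arn, groups in sorted(groups_by_role.items()):
        if len(groups) > 1:
            findings.append(f"{arn}: shared by groups {sorted(groups)}")
    for group, arns in sorted(roles_by_group.items()):
        if len(arns) > 1:
            findings.append(f"{group}: mapped to {len(arns)} roles")
    return findings


# Constructed sample: tenant 2 reuses tenant 1's role, tenant 3 has a name, not an ARN.
SAMPLE = [
    ("group-tenant-1", "arn:aws:iam::111122223333:role/role-tenant-1"),
    ("group-tenant-2", "arn:aws:iam::111122223333:role/role-tenant-1"),
    ("group-tenant-3", "role-tenant-3"),
]

if __name__ == "__main__":
    for finding in audit_mappings(SAMPLE):
        print(finding)
```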