Skip to main content
Enterprise AWS Infra IAM Setup: IAM Role

Bebop AWS Infra IAM Setup: IAM Role

Owen Badger avatar
Written by Owen Badger
Updated over 2 months ago

This page explains the steps to create an Enterprise MCP user.

  1. IAM → Roles → Add Role → Create role

2. Select Another AWS Account

3. Enter Account ID as 067319167081

4. (Optional, Recommended): Click the Check Mark against Require external ID under Options and enter a random string for External ID

5. When done Click on Next: Permissions

6. Click Next: Tags without adding any permissions, will add permissions later.

7. Add desired Tags for the Bebop Service Role and Click Next: Review

8. Enter Role name as BebopServiceRole and a Role description as desired and click Create role

9. Select the Role just created (https://console.aws.amazon.com/iam/home#/roles/BebopServiceRole) → Permissions → Add inline policy

10. Select the JSON tab and enter the following IAM Policy:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "VisualEditor0",

"Effect": "Allow",

"Action": [

"iam:PassRole",

"kms:Decrypt",

"kms:Encrypt",

"kms:RevokeGrant",

"kms:DescribeKey",

"ec2:*",

"kms:CreateGrant",

"kms:ListGrants",

"kms:ReEncrypt*",

"kms:GenerateDataKey*"

],

"Resource": "*"

}

]

}

11. Click on Review policy and enter the Name as BebopServiceRolePolicy

12. Click Create policy

13. Share the Role ARN and External ID (if created in step 2b) with Bebop Support.

Did this answer your question?