You must use the policies on this page to grant the permissions that OnCommand Cloud Manager needs to deploy and manage NetApp Cloud Volumes ONTAP (formerly ONTAP Cloud) in Amazon Web Services (AWS) and in Microsoft Azure.
IAM policies are required when using Cloud Manager and Cloud Volumes ONTAP in AWS. The following policies are available for the latest release.
| IAM policy | When to use | More information |
|---|---|---|
| NetApp Cloud Central | When launching Cloud Manager in AWS using NetApp Cloud Central. | You must attach this policy to the IAM user that you use to deploy Cloud Manager from NetApp Cloud Central. |
| Cloud Manager | When you cannot launch Cloud Manager in AWS from NetApp Cloud Central but you want to launch Cloud Volumes ONTAP in AWS. | If you do not deploy Cloud Manager from NetApp Cloud Central, then you must provide Cloud Manager with the permissions that it needs to launch and manage Cloud Volumes ONTAP in AWS. You can grant the permissions in one of two ways: |
| Cloud Volumes ONTAP nodes | When launching Cloud Volumes ONTAP in C2S or when you want to create your own policy. | Creating an IAM policy and role for Cloud Volumes ONTAP is required in the AWS Commercial Cloud Services Environment. It is optional in other regions because Cloud Manager can do it for you. |
| HA mediator for Cloud Volumes ONTAP | When launching HA pairs in C2S or when you want to create your own policy. | Creating an IAM policy and role for the HA mediator is required in the AWS Commercial Cloud Services Environment. It is optional in other regions because Cloud Manager can do it for you. |
For more information about using these policies with Cloud Manager, go to NetApp Docs: Granting AWS permissions.
The following policy is available for creating a custom role in Azure RBAC:
For information about custom roles, refer to the following Azure documentation: Custom Roles in Azure RBAC.
After you create the custom role, you must assign it to an Active Directory service principal. For more information, go to NetApp Docs: Granting Azure permissions to Cloud Manager.