OnCommand Cloud Manager policies for AWS and Azure

You must use the policies on this page to grant the permissions that OnCommand Cloud Manager needs to deploy and manage NetApp Cloud Volumes ONTAP (formerly ONTAP Cloud) in Amazon Web Services (AWS) and in Microsoft Azure.

AWS

IAM policies are required when using Cloud Manager and Cloud Volumes ONTAP in AWS. The following policies are available for the latest release.

IAM policy: NetApp Cloud Central
When to use: When launching Cloud Manager in AWS using NetApp Cloud Central.
More information: See Getting started in AWS.

IAM policy: Cloud Manager
When to use: When you cannot launch Cloud Manager in AWS from NetApp Cloud Central but you want to launch Cloud Volumes ONTAP in AWS.
More information: If you do not deploy Cloud Manager from NetApp Cloud Central, then you must provide Cloud Manager with the permissions that it needs to launch and manage Cloud Volumes ONTAP in AWS. You can grant the permissions in one of two ways:
  • Attach the policy to an IAM role, and then attach the role to the Cloud Manager instance in AWS.
  • Attach the policy to IAM users or groups, and then specify the AWS access keys for those IAM users when setting up Cloud Manager user accounts.
For more details, see Granting permissions when Cloud Manager is not launched from Cloud Central.

IAM policy: Cloud Volumes ONTAP nodes
When to use: When launching Cloud Volumes ONTAP in C2S or when you want to create your own policy.
More information: Creating an IAM policy and role for Cloud Volumes ONTAP is required in the AWS Commercial Cloud Services Environment. It is optional in other regions because Cloud Manager can do it for you.

IAM policy: HA mediator for Cloud Volumes ONTAP
When to use: When launching HA pairs in C2S or when you want to create your own policy.
More information: Creating an IAM policy and role for the HA mediator is required in the AWS Commercial Cloud Services Environment. It is optional in other regions because Cloud Manager can do it for you.

For more information about IAM policies, refer to the following AWS documentation: Policies and Permissions and Managing IAM Policies.

Azure

The best way to get Cloud Manager up and running in Azure is through NetApp Cloud Central, but you can deploy Cloud Manager directly from the Azure Marketplace, if you prefer. Both options require a policy to provide the required permissions.

Policy: NetApp Cloud Central
When to use: When launching Cloud Manager in Azure using NetApp Cloud Central.
More information: See Getting started in Azure.

Policy: Cloud Manager
When to use: When you cannot deploy Cloud Manager in Azure from NetApp Cloud Central but you want to launch Cloud Volumes ONTAP in Azure.
More information: If you do not deploy Cloud Manager from NetApp Cloud Central, then you must provide Cloud Manager with the permissions that it needs to deploy and manage Cloud Volumes ONTAP in Azure. You can grant the permissions in one of two ways:

For information about custom roles, refer to the following Azure documentation: Custom Roles in Azure.