You must use the policies on this page to grant the permissions that Cloud Manager needs to deploy and manage ONTAP Cloud systems in Amazon Web Services (AWS) and Microsoft Azure.
IAM policy for Cloud Manager
You must use an IAM policy to grant permissions by doing one of the following:
The following policies are available for Cloud Manager 3.3 and later:
IAM policies for ONTAP Cloud nodes and the HA mediator
Creating an IAM policy and role for ONTAP Cloud is required in the AWS Commercial Cloud Services Environment. It is optional in other regions.
ONTAP Cloud nodes and the HA mediator require permissions for S3 capacity tiering and HA management. In the AWS Commercial Cloud Services Environment, you must create the policy and role yourself. In standard AWS regions and in GovCloud, you can let Cloud Manager create the policy and role for you when you launch ONTAP Cloud systems. However, advanced users can use the policies below to create their own IAM policies and roles.
For more information about using these policies with Cloud Manager, see the OnCommand Cloud Manager Documentation Center.
You must use one of the following policies to create a custom role in Azure RBAC:
For information about custom roles, refer to the following Azure documentation: Custom Roles in Azure RBAC.
After you create the custom role, you must assign it to an Active Directory service principal. For more information, see the OnCommand Cloud Manager Documentation Center.