By using AWS re:Post, you agree to the Terms of Use
/Verify permissions for the IAM role/

Verify permissions for the IAM role

0

I am trying to create a cloud cluster using AWS within MATLAB. I am experiencing an error. I created a Root User / IAM account successfully. I go to MATLAB and try to create the cloud cluster. I see four panels where I have to fill in details. They are "Requirement", "Billing", "Create Cluster", and "Finish". I succeed in the first two but got stuck at the third. The "MathWorks Account ID" is filled in fine. The "External ID" is filled in fine. The "Role ARN" is filled in fine. When I press "Next", I get the error "Verify permissions for the lAM Role. Changes to AM entities may not be reflected immediately." What am I doing wrong?

5 Answers
0

Hello Dan,

Thank you very much for your reply.

  1. Yes. MATLAB instructions asked me to add the AWSSSODirectoryAdministrator policy to the role I created. I created a role on its own.

  2. I am using the IAM account for the role. When I log in as a root user, I just go to the IAM panel.

  3. A trusted relationship between the Root User and IAM accounts? No, I did not create a trusted relationship between the two. I do not know why and how I do this. When I log in as a Root User, I just go to IAM link.

  4. I follow the MATLAB instructions when creating the role.

answered 2 months ago
  • Great to hear you're using a non-root user & role. Can you please doublecheck the policy? SSO Directory Admin doesn't pass the sniff test (I'm no MATLAB expert though). I think the role needs access to do administrative work like setting up cloudformation, notification, EC2, and the like.

0

please set up a non-root user role

How do I create a non-root user role? The role I created is already under IAM and then Roles.

You'll need a trusted relationship between your account and the external MATLAB account - this is a cross-account access situation (linked above). There's a tutorial that describes prod/dev, this is also applicable for your AWS account & external AWS accounts.

I appreciate this but I am a bit wondering whether I am really supposed to cover the overwhelming steps described. In MATLAB I am able to fill in all required fields like MathWorks Account ID, External ID, and Role ARN. So is this really not enough?

answered 2 months ago
  • Non-root user is any IAM role that you can create (and even give administrative access too) - the root user basically has unlimited control, access, etc - best practice is to use specific roles that root can control if someone hacks the password. If someone hacks root, they can do pretty much anything to your account. You can set up new users (and add MFA to root) under the IAM dashboard.

0

A couple places I'd start:

1/ Did you assign a policy to the user role (also, would recommend, as always, do not use root for services, create a separate user role)?

2/ Have you created a trusted relationship between the accounts?

The AWS Documentation covers setting up roles for third party access.

The MATLAB help center has a detailed walkthrough for setup.

answered 2 months ago
0

A trusted relationship between the Root User and IAM accounts? No, I did not create a trusted relationship between the two. I do not know why and how I do this. When I log in as a Root User, I just go to IAM link.

The root user (again, please set up a non-root user role) and IAM are already in a trust relationship. You'll need a trusted relationship between your account and the external MATLAB account - this is a cross-account access situation (linked above). There's a tutorial that describes prod/dev, this is also applicable for your AWS account & external AWS accounts.

answered 2 months ago
0

I edited the trust policy under the Trust Relationships tab as explained here https://nl.mathworks.com/help/cloudcenter/ug/aws-identity-and-access-management-iam.html#mw_4acedbdf-46b9-41ff-b177-7390d04ffb06 I still get the error. By the way, I have to say that this procedure should not be this complicated. It is was too overwhelming. AWS should not expect a customer to edit a code.

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions