Verify permissions for the IAM role

0

I am trying to create a cloud cluster using AWS within MATLAB. I am experiencing an error. I created a Root User / IAM account successfully. I go to MATLAB and try to create the cloud cluster. I see four panels where I have to fill in details. They are "Requirement", "Billing", "Create Cluster", and "Finish". I succeeded in the first two but got stuck at the third. The "MathWorks Account ID" is filled in fine. The "External ID" is filled in fine. The "Role ARN" is filled in fine. When I press "Next", I get the error "Verify permissions for the IAM Role. Changes to IAM entities may not be reflected immediately." What am I doing wrong?

asked 2 years ago, 509 views
5 Answers
0

Hello Dan,

Thank you very much for your reply.

  1. Yes. MATLAB instructions asked me to add the AWSSSODirectoryAdministrator policy to the role I created. I created a role on its own.

  2. I am using the IAM account for the role. When I log in as a root user, I just go to the IAM panel.

  3. A trusted relationship between the Root User and IAM accounts? No, I did not create a trusted relationship between the two. I do not know why and how I do this. When I log in as a Root User, I just go to IAM link.

  4. I follow the MATLAB instructions when creating the role.

answered 2 years ago
  • Great to hear you're using a non-root user & role. Can you please double-check the policy? SSO Directory Admin doesn't pass the sniff test (I'm no MATLAB expert though). I think the role needs access to do administrative work like setting up CloudFormation, notification, EC2, and the like.

0

please set up a non-root user role

How do I create a non-root user role? The role I created is already under IAM and then Roles.

You'll need a trusted relationship between your account and the external MATLAB account - this is a cross-account access situation (linked above). There's a tutorial that describes prod/dev, this is also applicable for your AWS account & external AWS accounts.

I appreciate this but I am a bit wondering whether I am really supposed to cover the overwhelming steps described. In MATLAB I am able to fill in all required fields like MathWorks Account ID, External ID, and Role ARN. So is this really not enough?

answered 2 years ago
  • Non-root user is any IAM role that you can create (and even give administrative access to) - the root user basically has unlimited control, access, etc - best practice is to use specific roles that root can control if someone hacks the password. If someone hacks root, they can do pretty much anything to your account. You can set up new users (and add MFA to root) under the IAM dashboard.

0

A couple places I'd start:

1/ Did you assign a policy to the user role (also, would recommend, as always, do not use root for services, create a separate user role)?

2/ Have you created a trusted relationship between the accounts?

The AWS Documentation covers setting up roles for third party access.

The MATLAB help center has a detailed walkthrough for setup.

AWS
Dan_H
answered 2 years ago
0

A trusted relationship between the Root User and IAM accounts? No, I did not create a trusted relationship between the two. I do not know why and how I do this. When I log in as a Root User, I just go to IAM link.

The root user (again, please set up a non-root user role) and IAM are already in a trust relationship. You'll need a trusted relationship between your account and the external MATLAB account - this is a cross-account access situation (linked above). There's a tutorial that describes prod/dev, this is also applicable for your AWS account & external AWS accounts.

AWS
Dan_H
answered 2 years ago
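
Added example, not part of the thread and not AWS or MathWorks code: a Python check for the cross-account trust relationship described above, confirming that only the external account may call `sts:AssumeRole` on the role and only with the expected external ID. The account ID, external ID and function names are constructed placeholders.

```python
import json

def _as_list(value):
    # IAM accepts either a single string or a list in these fields.
    return value if isinstance(value, list) else [value]

def _account(principal):
    # "arn:aws:iam::111122223333:root" -> "111122223333"; bare IDs pass through.
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def check_trust_policy(policy_json, vendor_account_id, external_id):
    """Return a list of problems; empty means only the vendor account can
    assume the role, and only when it presents the expected external ID."""
    problems, vendor_ok = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        # Exact match only: wildcard actions such as "sts:*" are not expanded.
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else ["*"]
        accounts = {_account(p) for p in aws}
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ext_ids = _as_list(cond.get("sts:ExternalId", []))
        if "*" in accounts:
            problems.append("wildcard principal: any AWS account may assume the role")
        for other in sorted(accounts - {vendor_account_id, "*"}):
            problems.append(f"unexpected trusted account {other}")
        if vendor_account_id in accounts:
            if ext_ids == [external_id]:
                vendor_ok = True
            elif not ext_ids:
                problems.append("vendor statement has no sts:ExternalId condition")
            else:
                problems.append("sts:ExternalId does not match the expected value")
    if not vendor_ok:
        problems.append("vendor account cannot assume the role with the expected external ID")
    return problems

# Constructed sample values (placeholders, not MathWorks' real account or ID).
VENDOR, EXT_ID = "111122223333", "example-external-id"
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": EXT_ID}}}]})

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE, VENDOR, EXT_ID) or "trust policy OK")
```

Paste the JSON from the role's Trust relationships tab in place of `SAMPLE`, with the account ID and external ID shown in the MATLAB dialog, to see which part of the trust relationship is missing or too broad.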
0

I edited the trust policy under the Trust Relationships tab as explained here: https://nl.mathworks.com/help/cloudcenter/ug/aws-identity-and-access-management-iam.html#mw_4acedbdf-46b9-41ff-b177-7390d04ffb06 . I still get the error. By the way, I have to say that this procedure should not be this complicated. It is way too overwhelming. AWS should not expect a customer to edit code.

answered 2 years ago
