Skip to main content

Manual Setup of the Ahana Compute Plane

The Ahana Compute Plane requires several AWS services such as Amazon Elastic Kubernetes Service, S3, and others. To provision these resources, the AWS role that Ahana assumes must have policies that allow Ahana to orchestrate and deploy the needed resources in your AWS account.

info

The contents of these policies are available at Ahana AWS IAM Policies.

This page presents how to manually provision your Ahana Compute Plane by creating a new AWS IAM role in your AWS account, using the Ahana account ID and custom external ID to grant Ahana cross-account access.

info

See Set Up the Ahana Compute Plane to use CloudFormation templates to provision the Compute Plane.

Enter the AWS Account ID

  1. Log in to the Ahana SaaS Console.

  2. Select Manual.

AWS IAM Role Creation

  1. Enter the AWS Account ID of the AWS account you want the Ahana Compute Plane to be deployed to.

Create AWS IAM Policies

Perform this task for each of these policies:

  • Permission Boundary AWS Policy
  • Core Infrastructure AWS Policy
  • Operations AWS Policy
info

The contents of these policies are available at Ahana AWS IAM Policies.

AWS IAM Role Creation

  1. In Ahana, select Copy Policy to copy the policy.

    note

    To copy or view the Operations AWS Policy, you must enter the AWS Account ID.

  2. Optionally, select View Policy to review the policy.

  3. In the online help in Ahana, select the IAM policy link in Step 1 to open AWS. Log in to AWS to view Create policy in AWS IAM.

  4. In AWS Create policy, select Edit Policy.

  5. Select JSON.

  6. In the policy editor, delete the contents and enter the policy that you copied from Ahana.

  7. Select Next: Tags, then Next: Review.

  8. Enter the Name of the policy.

    • The Permission Boundary AWS Policy must be named ahana-cloud-boundary-policy.
    • The recommended name of the Core Infrastructure AWS Policy is ahana-cloud-infrastructure-policy.
    • The recommended name of the Operations AWS Policy is ahana-cloud-operations-policy.

  9. Optionally, enter a Description of the policy.

  10. Select Create Policy.

Create an AWS IAM Role

info

For information about the role you are creating in this task, see Ahana Provisioning Role.

  1. In Ahana, copy the Ahana Account ID.

AWS IAM Role Creation

  1. In the online help in Ahana, select the IAM role link in Step 4 to open AWS. Log in to AWS to view Create role in AWS IAM.

  2. In AWS Create role, select Another AWS account.

  3. Enter the Ahana Account ID value that you copied from Ahana into Account ID.

  4. Select Require external ID (Best practice when a third party will assume this role).

  5. In Ahana, copy External ID.

AWS IAM Role Creation

  1. In AWS, enter the External ID value that you copied from Ahana into External ID.

  2. Select Next: Permissions.

  3. Select the Core Infrastructure AWS Policy and the Operations AWS Policy that you created in Create AWS IAM Policies.

  4. Select Next: Tags.

  5. Select Next: Review.

  6. Enter a Role name. The recommended name of the role is ahana-cloud-provisioning-role, but that name is not required.

  7. Optionally, enter a Role description.

  8. Select Create role.

Provide Ahana with the AWS IAM Role ARN

  1. In AWS, view the role that you created in Create an AWS IAM Role.

  2. in the Summary of the role, copy the ARN.

  3. In Ahana, enter the copied value in Role ARN.

AWS Setup

Complete the Compute Plane Setup

To finish provisioning the Compute Plane, perform the steps in Complete the Compute Plane Setup.