Skip to main content

Detached Core AWS Infrastructure Policy

When your Ahana Compute Plane was set up, an AWS IAM role and policies were created in your AWS account to provision the Compute Plane and allow that role to create Presto clusters and related activities. One of these policies is the Core AWS Infrastructure Policy.


See Core Infrastructure AWS Policy for the policy's content.

The Core AWS Infrastructure Policy only contains the permissions required to provision or destroy an Ahana Compute Plane. Optionally, once an Ahana Compute Plane is provisioned, you can detach the Core AWS Infrastructure Policy from the Ahana provisioning role as an added security precaution. However, you must be sure that the Core AWS Infrastructure Policy is attached to the Ahana provisioning role when you destroy an Ahana Compute Plane, or provision a new one.

When the Core Infrastructure AWS Policy is not attached to the Role, Account Settings in Ahana displays a No infrastructure policy attached to provisioning role banner.

No infrastructure policy attached

To detach or attach the Core AWS Infrastructure Policy to the Role:

  1. Log in to Ahana.

  2. In the upper right, select the account name, then select Account Settings.

  3. At the right end of Role ARN, select the Launch icon to open the AWS Console and display the IAM Role. IAM Role with both policies


    The recommended name of the Core Infrastructure AWS Policy is ahana-cloud-infrastructure-policy, but that name is not required.

  4. In AWS, attach or detach the Core Infrastructure AWS Policy.

  • To detach the policy, select the checkbox for the policy, then select Remove.
  • To attach the policy, select Add permissions, then Attach policies. Select the checkbox for the Infrastructure Policy, then select Attach policies.