Skip to main content

Ahana Provisioning Role

As part of setting up the Ahana Compute Plane in your AWS account, you create the Ahana Provisioning Role and the AWS IAM policies that set permissions for the role in your AWS account. You can use a CloudFormation template, or create it manually.


See Create a new AWS IAM Role to use CloudFormation, or Create an AWS IAM Role for manual instructions.

After you create the Provisioning Role and the AWS IAM policies for the role, you then copy the Role ARN of the Provisioning Role from AWS, and provide that Role ARN to your Ahana Control Plane to set up the correct trust relationship for Ahana to assume that Role. Assuming a role in AWS is a security best practice that doesn’t require you to share long-term credentials such as passwords with Ahana. You can then use your Ahana account in the Control Plane to provision and manage resources in the Compute Plane in your AWS account, such as create, stop, or delete Presto clusters.


The Ahana Provisioning Role uses AWS IAM policies to define only the permissions required to allow Ahana to orchestrate and deploy the needed resources in your AWS account. See Ahana AWS IAM Policies for the content of these policies.

The Provisioning Role is named ahana-cloud-provisioning-role if CloudFormation is used to create it. If you create the Provisioning Role manually, Ahana recommends naming the role ahana-cloud-provisioning-role but the exact name is not required.