Fantasy Grounds - Port Forwarding - Transparent Op

4.1-Creating the IAM Role


Last updated 5 years ago


The first "service console" we'll open is the IAM console (IAM is in the Security, Identity, & Compliance section), which is region-agnostic.

You'll find the "Roles" option in the menu to the left :

Choose this link, then use the big blue "Create Role" button at the top, and you'll have a 4-step process to follow...

Click :

  • the "AWS service" block under Select Type of trusted entity

  • the "EC2" block under Choose the service that will use this role

Then click the big blue "Next: Permissions" button at the bottom (to step 2)...

I already had some policies and roles defined in this account, which is why I had to blur specifics.

Use the search filter box above the list of permission policies to locate and put a check mark on these 2 policies provided by AWS :

  • AmazonEC2FullAccess (search for "ec2fu")

  • AmazonS3FullAccess (search for "s3fu")

Then click the blue "Next: Tags" button at the bottom (to step 3)...

We don't need tagging, so just click the blue "Next: Review" button at the bottom (to step 4)...

Give a name to your new role (I suggest "configuration name"-ec2role as shown above) and verify you have correctly included the 2 policies.

Then hit the blue "Create Role" button and you're done.

Your shiny new IAM Role

You have just created an IAM Role that you'll assign to your OpenVPN server later on, so that it can access the EC2 and S3 services on your behalf at startup, without restriction.

Your server will need that to :

  • auto-configure itself during startup (setting network options in the EC2 service)

  • download configuration parameters and scripts from S3 without the need of passwords (=> safe parameter files and scripts)

Note: This IAM Role could have been defined with restricted, custom-specified permissions, both in EC2 and S3, rather than "Full Access", but that would be too complex to explain here. Also, if you connect to your server in an interactive terminal, you'll be happy to have access to the full EC2 and S3 APIs from there without restriction or needing an access key or password.
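What a restricted version of this role could look like, as an added example that is not part of the original guide: it builds a policy limited to the two startup needs listed above and checks policies for wildcard actions. The bucket name and the EC2 action `ec2:ModifyInstanceAttribute` are assumptions; list the calls your own startup script actually makes.

```python
import json

# Constructed, simplified stand-in for the core grants of the two
# "FullAccess" managed policies (not their actual full text).
FULL_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
                  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

def scoped_role_policy(bucket, ec2_actions, prefix=""):
    """Policy for the two startup needs: read one bucket, call named EC2 actions."""
    if not ec2_actions or any("*" in a for a in ec2_actions):
        raise ValueError("name each EC2 action explicitly, without wildcards")
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListConfigBucket", "Effect": "Allow",
             "Action": "s3:ListBucket", "Resource": arn},
            {"Sid": "ReadConfigObjects", "Effect": "Allow",
             "Action": "s3:GetObject", "Resource": f"{arn}/{prefix}*"},
            # Resource stays "*" because the instance ID is not known yet.
            {"Sid": "StartupNetworkSetup", "Effect": "Allow",
             "Action": sorted(ec2_actions), "Resource": "*"},
        ],
    }

def wildcard_actions(policy):
    """Return every wildcard action granted by an Allow statement."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    found = []
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow":
            found += [a for a in actions if "*" in a]
    return found

if __name__ == "__main__":
    # Assumed bucket name and EC2 action; replace with your own.
    policy = scoped_role_policy("example-fg-vpn-config", ["ec2:ModifyInstanceAttribute"])
    print(json.dumps(policy, indent=2))
    print("wildcards in full-access stand-in:", wildcard_actions(FULL_ACCESS_LIKE))
    print("wildcards in scoped policy:", wildcard_actions(policy))
```

The printed JSON can be pasted into the console's policy editor as a custom policy and attached to the role in place of the two "FullAccess" entries.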