Cohesity Cloud Scale Technology Deployment Guide Using Terraform for AWS
Last Published: 2025-03-18
Product(s): NetBackup & Alta Data Protection (11.0)
AWS authentication and permission requirements
There are two ways to authenticate to AWS:
- Through user credentials: Authenticate to AWS as a user that has the permissions listed below (point 2).
- Through an IAM role attached to the Terraform Management Server: Attach an IAM role that has the permissions listed below to the Terraform Management Server.
The following permissions must be assigned to the user or to the IAM role that you create:
A. Managed Policies
- AmazonEKSClusterPolicy
- AmazonEKSWorkerNodePolicy
- AmazonEC2ContainerRegistryFullAccess
- AmazonEKSServicePolicy
- AmazonEKS_CNI_Policy
- AmazonEKSVPCResourceController
B. Create a customer managed policy with the following permissions and attach it to the IAM role.
- elasticfilesystem:DescribeAccountPreferences
- elasticfilesystem:DescribeBackupPolicy
- elasticfilesystem:DeleteAccessPoint
- elasticfilesystem:DescribeReplicationConfigurations
- elasticfilesystem:UntagResource
- elasticfilesystem:CreateFileSystem
- elasticfilesystem:ListTagsForResource
- elasticfilesystem:DeleteTags
- elasticfilesystem:DescribeLifecycleConfiguration
- elasticfilesystem:ClientMount
- elasticfilesystem:DescribeFileSystemPolicy
- elasticfilesystem:DescribeFileSystems
- elasticfilesystem:DeleteMountTarget
- elasticfilesystem:CreateAccessPoint
- elasticfilesystem:ModifyMountTargetSecurityGroups
- elasticfilesystem:DescribeMountTargets
- elasticfilesystem:DescribeAccessPoints
- elasticfilesystem:CreateAccessPoints
- elasticfilesystem:TagResource
- elasticfilesystem:CreateTags
- elasticfilesystem:DescribeTags
- elasticfilesystem:CreateMountTarget
- elasticfilesystem:Backup
- elasticfilesystem:DeleteFileSystem
- elasticfilesystem:DescribeMountTargetSecurityGroups
- elasticfilesystem:UpdateFileSystem
- eks:UpdateClusterVersion
- eks:ListTagsForResource
- eks:UpdateAddon
- eks:ListAddons
- eks:UpdateClusterConfig
- eks:DescribeAddon
- eks:UpdateNodegroupVersion
- eks:UpdateNodegroup
- eks:AssociateEncryptionConfig
- eks:ListUpdates
- eks:DescribeNodegroup
- eks:DescribeAddonConfiguration
- eks:UntagResource
- eks:CreateNodegroup
- eks:RegisterCluster
- eks:DeregisterCluster
- eks:DeleteCluster
- eks:DescribeIdentityProviderConfig
- eks:DeleteAddon
- eks:DeleteNodegroup
- eks:DescribeUpdate
- eks:TagResource
- eks:AccessKubernetesApi
- eks:CreateAddon
- eks:UpdateNodegroupConfig
- eks:DescribeCluster
- eks:ListClusters
- eks:AssociateIdentityProviderConfig
- iam:CreateInstanceProfile
- iam:CreateServiceLinkedRole
- iam:GetPolicyVersion
- iam:UntagRole
- iam:PutRolePermissionsBoundary
- iam:TagRole
- iam:UpdateOpenIDConnectProviderThumbprint
- iam:RemoveRoleFromInstanceProfile
- iam:DeletePolicy
- iam:CreateRole
- iam:AttachRolePolicy
- iam:ListInstanceProfileTags
- iam:PutRolePolicy
- iam:DeleteRolePermissionsBoundary
- iam:AddRoleToInstanceProfile
- iam:ListInstanceProfilesForRole
- iam:PassRole
- iam:DetachRolePolicy
- iam:DeleteRolePolicy
- iam:ListOpenIDConnectProviderTags
- iam:ListPolicyTags
- iam:ListRolePolicies
- iam:CreatePolicyVersion
- iam:DeleteOpenIDConnectProvider
- iam:ListPolicies
- iam:DeleteRole
- iam:UpdateRoleDescription
- iam:ListInstanceProfiles
- iam:TagPolicy
- iam:CreateOpenIDConnectProvider
- iam:CreatePolicy
- iam:ListPolicyVersions
- iam:ListOpenIDConnectProviders
- iam:GetAccountName
- iam:UntagPolicy
- iam:UpdateRole
- iam:UntagOpenIDConnectProvider
- iam:GetOpenIDConnectProvider
- iam:UntagInstanceProfile
- iam:TagOpenIDConnectProvider
- iam:GetRolePolicy
- iam:DeletePolicyVersion
- iam:TagInstanceProfile
- iam:ListEntitiesForPolicy
- ec2:DescribeVpcs
- ec2:DescribeSubnets
- ec2:DescribeVpcAttribute
- ec2:CreateVpcEndpoint
- ec2:DescribePrefixLists
- ec2:DeleteVpcEndpoints
- ec2:CreateLaunchTemplate
- ec2:GetLaunchTemplateData
- ec2:DescribeLaunchTemplates
- ec2:DescribeLaunchTemplateVersions
- ec2:ModifyLaunchTemplate
- ec2:DeleteLaunchTemplate
- ec2:DeleteLaunchTemplateVersions
- ec2:CreateLaunchTemplateVersion
- ssm:ListCommands
- s3:ListBucket
- s3:GetObject
- s3:PutObject
- s3:DeleteObject
- s3:CreateBucket
- s3:PutBucketPolicy
- s3:PutBucketAcl
- s3:PutBucketLifecycleConfiguration
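
The following Python helper is an added example, not code from the Cohesity guide. It turns a flat action list such as the one in section B into a policy document for the customer managed policy, drops any repeated entries, and measures the result against the IAM managed-policy size quota. The `ACTIONS` excerpt is constructed from actions on this page, and the `Resource` value `*` and the `REVIEW` set are assumptions of this example, since the guide does not state resource scoping.

```python
import json

# Constructed excerpt of the action list above, repeats included on purpose.
ACTIONS = """
elasticfilesystem:CreateFileSystem elasticfilesystem:DescribeFileSystems
eks:UpdateClusterConfig eks:DescribeAddon eks:UpdateClusterConfig eks:DescribeAddon
iam:PutRolePolicy iam:PassRole iam:PutRolePolicy iam:PassRole iam:CreatePolicyVersion
ec2:DescribeVpcs ssm:ListCommands s3:ListBucket s3:PutBucketPolicy
"""

# Listed actions that create, change or delegate IAM privileges. Picking these
# for review is this example's assumption, not part of the guide.
REVIEW = {"iam:PassRole", "iam:PutRolePolicy", "iam:AttachRolePolicy",
          "iam:CreatePolicyVersion", "iam:CreateRole"}

MANAGED_POLICY_LIMIT = 6144  # IAM managed policy quota in characters, whitespace excluded


def parse_actions(text):
    """Split a flat list, check the service:Action shape, drop repeats in order."""
    tokens = text.split()
    for token in tokens:
        service, sep, name = token.partition(":")
        if not (sep and service.isalnum() and service.islower() and name.isalnum()):
            raise ValueError(f"not a service:Action token: {token!r}")
    return list(dict.fromkeys(tokens))


def build_policy(actions, resource="*"):
    """One Allow statement per service; resource='*' is a placeholder assumption."""
    by_service = {}
    for action in actions:
        by_service.setdefault(action.split(":")[0], []).append(action)
    statements = [{"Effect": "Allow", "Action": acts, "Resource": resource}
                  for acts in by_service.values()]
    return {"Version": "2012-10-17", "Statement": statements}


def policy_size(policy):
    """Size as IAM counts it: the JSON document with whitespace removed."""
    return len(json.dumps(policy, separators=(",", ":")))


def needs_review(actions):
    """Listed actions that should get a scoped Resource before the policy is attached."""
    return sorted(REVIEW.intersection(actions))


if __name__ == "__main__":
    actions = parse_actions(ACTIONS)
    policy = build_policy(actions)
    print(json.dumps(policy, indent=2))
    print("size:", policy_size(policy), "of", MANAGED_POLICY_LIMIT)
    print("scope before attaching:", needs_review(actions))
```

Run against the full list in section B, `policy_size` shows whether the document fits in a single managed policy or has to be split across more than one.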