testgrinder
Go to testgrinder
  • Overview
  • testgrinder uses
    • Testing
      • User Acceptance Testing
      • Change Testing
      • Regression Testing
      • Performance Testing
      • Stress Testing
    • Data management
      • Data verification
    • Configuration management
    • Training videos development
  • Getting Started
    • Video: Get Started with testgrinder
    • First steps
    • Example Scripts
    • Writing your first scenario
    • Scenarios
    • Run reports
  • Writing Scenarios
    • Anatomy of Maximo UI
      • Maximo login page
      • Start Center
      • Application Screen
      • Value lists
      • Advanced Search
      • Targeting fields with no labels
    • Finding the right steps
    • Step autocompletion
    • Scenarios vs Scenario Outlines
    • Snippets and Templates
      • testgrinder Templates Project
      • testgrinder Snippets Project
  • Examples
    • Interacting with electronic signature dialog
    • Automated granting of application access
    • Add a job plan
    • Add an item
    • Add an item to storeroom
  • Administration
    • Accessing Maximo behind a firewall
    • Managing User Access
    • Using Git to Back Up and Version Control testgrinder Projects
  • Self Managed Private Cloud (SMPC)
    • testgrinder SaaS vs testgrinder SMPC
    • Releases
      • Version 1.0.8
      • Version 1.0.0
    • testgrinder Architecture
    • testgrinder Configuration
      • Configuration Files
      • Database Stored Settings
    • Deployment Instructions
      • Prerequisites
      • Subscribing to testgrinder on AWS Marketplace
      • Virtual Private Cloud
      • Security Groups
      • S3 Buckets
      • IAM Roles
      • Key Pair
      • Launch tg-app
      • Finalize Configuration File .env
      • Finalizing Database Stored Settings
      • Minimal Deployment Complete
      • Install SSL Certificate
      • Force HTTP to HTTPS
      • External Database
      • Configure Auto Scaling Group
        • Target Groups
        • Load Balancers
        • Launch Template
        • Auto Scaling Group
        • Finalize Auto Scale Group Deployment
    • Test the Deployment
    • Monitoring
    • Backup and Restore Database
Powered by GitBook
On this page
  • testgrinder service will be discontinued on January 31, 2025
  • testgrinder SMPC was discontinued as of February 1, 2024
  • Role tg-app
  • Role tg-bot

Was this helpful?

  1. Self Managed Private Cloud (SMPC)
  2. Deployment Instructions

IAM Roles

PreviousS3 BucketsNextKey Pair

Last updated 1 year ago

Was this helpful?

testgrinder service will be discontinued on January 31, 2025

testgrinder SMPC was discontinued as of February 1, 2024

You'll need to create two IAM Roles - one for tg-app and the other for tg-bot instances. The roles will be assigned to the launched tg-app and tg-bot instances and give them the necessary access rights.

You can manage IAM Roles from the Roles page of the AWS IAM console at

If you plan to have several testgrinder deployments, to ensure proper access to S3 buckets, it is recommended to create a separate set of roles for each testgrinder deployment. Use descriptive role names, such as tg-eval-app and tg-prod-app, to distinguish between them.

Role tg-app

Create a role named tg-app and assign the following policy to it:

Replace YOUR_MEDIA_S3_BUCKET and YOUR_USER_FILES_S3_BUCKET below with the name of the buckets you created earlier.

  • If you are using an AWS Key Management Service key for encrypting objects in the S3 buckets, replace YOUR_KMS_KEY_ARN below with the key's ARN.

  • If you are not using encryption, or using Amazon S3-managed keys, then remove the entire section of the policy granting permission to kms action.

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "ec2:CreateTags",
          "ec2:DescribeTags",
          "ec2:DescribeInstances",
          "ec2:DescribeSecurityGroups",
          "ec2:RunInstances",
          "ec2:TerminateInstances",
          "iam:PassRole"
        ],
        "Resource": [
          "*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "kms:GenerateDataKey",
          "kms:Decrypt",
          "kms:Encrypt"
        ],
        "Resource": [
          "YOUR_KMS_KEY_ARN"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "s3:ListBucket"
        ],
        "Resource": [
          "arn:aws:s3:::YOUR_MEDIA_S3_BUCKET",
          "arn:aws:s3:::YOUR_USER_FILES_S3_BUCKET"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "s3:PutObject",
          "s3:GetObject",
          "s3:DeleteObject"
        ],
        "Resource": [
          "arn:aws:s3:::YOUR_MEDIA_S3_BUCKET/*",
          "arn:aws:s3:::YOUR_USER_FILES_S3_BUCKET/*"
        ]
      }
    ]
  }

Role tg-bot

Create a role named tg-bot and assign the following policy to it:

Replace YOUR_MEDIA_S3_BUCKET and YOUR_USER_FILES_S3_BUCKET below with the name of the buckets you created earlier.

  • If you are using an AWS Key Management Service key for encrypting objects in the S3 buckets, replace YOUR_KMS_KEY_ARN below with the key's ARN.

  • If you are not using encryption, or using Amazon S3-managed keys, then remove the entire section of the policy granting permission to kms action.

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": ["ec2:DescribeTags"],
        "Resource": ["*"]
      },
      {
        "Effect": "Allow",
        "Action": [
          "kms:GenerateDataKey",
          "kms:Decrypt",
          "kms:Encrypt"
        ],
        "Resource": [
          "YOUR_KMS_KEY_ARN"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "s3:PutObject"
        ],
        "Resource": [
          "arn:aws:s3:::YOUR_MEDIA_S3_BUCKET/*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetObject"
        ],
        "Resource": [
          "arn:aws:s3:::YOUR_USER_FILES_S3_BUCKET/*"
        ]
      }
    ]
  }
https://console.aws.amazon.com/iamv2