Create IAM policy, role, and instance profile
Note: Creating the IAM policy, role, and instance profile for a OneFS cluster is a one-time activity for the same AWS account. The profiles are reusable for deploying additional clusters.
Cluster nodes require an attached instance profile. The minimum permission required is ec2:AssignPrivateIpAddresses on network interfaces, which is defined in onefs-runtime-policy.json.
> cd C:\json-files-template
> aws iam create-policy --policy-name onefs-runtime-policy --policy-document file://onefs-runtime-policy.json
Command output example:
{
    "Policy": {
        "PolicyName": "onefs-runtime-policy",
        "PolicyId": "ANPAYBAVXC5JA25QNSXQA",
        "Arn": "arn:aws:iam::55194881026:policy/onefs-runtime-policy",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2022-11-17T08:14:23+00:00",
        "UpdateDate": "2022-11-17T08:14:23+00:00"
    }
}
> aws iam create-role --role-name onefs-runtime-role --assume-role-policy-document file://onefs-runtime-assume-role.json
> aws iam attach-role-policy --role-name onefs-runtime-role --policy-arn arn:aws:iam::551948851026:policy/onefs-runtime-policy
> aws iam create-instance-profile --instance-profile-name onefs-runtime-instance-profile
> aws iam add-role-to-instance-profile --instance-profile-name onefs-runtime-instance-profile --role-name onefs-runtime-role
Note: When you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an instance profile and gives it the same name as the role. In that case, you also have an instance profile named onefs-runtime-role. For more details, see Using instance profiles in the AWS documentation.
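A pre-flight check for the two JSON documents passed to create-policy and create-role above, as an added example (not Dell's tooling and not the contents of the guide's template files). It flags any Allow beyond ec2:AssignPrivateIpAddresses and any trust principal other than the EC2 service; the ec2.amazonaws.com principal, the function names, and the sample documents are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

REQUIRED = "ec2:assignprivateipaddresses"  # minimum permission named on this page
EC2_SERVICE = "ec2.amazonaws.com"          # assumed trusted principal for an EC2 role

def _list(value):
    """IAM accepts a single value or a list for Statement, Action and principals."""
    return value if isinstance(value, list) else [] if value is None else [value]

def _allows(doc):
    """Yield (index, statement) for every Allow statement in a policy JSON string."""
    for i, st in enumerate(_list(json.loads(doc).get("Statement"))):
        if st.get("Effect") == "Allow":
            yield i, st

def audit_permissions(doc):
    """Findings for a permissions policy that differs from the page's stated minimum."""
    findings, covered = [], False
    for i, st in _allows(doc):
        if "NotAction" in st:
            findings.append(f"statement {i}: Allow with NotAction")
        for action in _list(st.get("Action")):
            covered = covered or fnmatchcase(REQUIRED, action.lower())
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action.lower() != REQUIRED:
                findings.append(f"statement {i}: extra action {action}")
    if not covered:
        findings.append("ec2:AssignPrivateIpAddresses is not granted")
    return findings

def audit_trust(doc):
    """Findings for a trust policy that lets anything but the EC2 service assume the role."""
    findings = []
    for i, st in _allows(doc):
        principal = st.get("Principal")
        # A bare "*" or a missing Principal is reported under the key "Principal".
        pairs = principal.items() if isinstance(principal, dict) else [("Principal", principal or "<missing>")]
        for kind, values in pairs:
            for value in _list(values):
                if (kind, value) != ("Service", EC2_SERVICE):
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
    return findings

# Constructed samples, not the contents of the guide's template files.
MINIMAL = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"ec2:AssignPrivateIpAddresses","Resource":"arn:aws:ec2:*:*:network-interface/*"}]}'
BROAD = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:*","s3:GetObject"],"Resource":"*"}]}'
TRUST = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
```

Both functions return an empty list for the MINIMAL and TRUST samples; the BROAD sample yields one wildcard finding and one extra-action finding. Resource scoping is not checked here.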