Skip to main content
Skip table of contents

How to Update Onboarding Role's Policies via AWS CLI

The Onboarding Template shared at URL: https://yotascale-onboarding.s3.amazonaws.com/YotascaleManagement.yaml is used for onboarding AWS accounts to Yotascale. Occasionally, the template is updated in case there are additional rights required for new features, etc.
In order to update those rights, the customers are currently required to rerun the CloudFormation template and re-onboard their AWS accounts. In order to make this process shorter, the following AWS command can be used by customers to update the policies created by the CloudFormation stack directly via AWS CLI. This would not require them to re-run the template and re-onboard their AWS Accounts.

aws iam --profile [insert profile to access AWS account] create-policy-version --policy-[insert policy ARN to be updated] --policy-document file://[insert file for policy to be updated].json --set-as-default

example:

aws iam --profile default create-policy-version --policy-arn arn:aws:iam::XXXXX:policy/YS-Onboarding-YotascaleReadPolicy-XXXXXXXXXXX --policy-document file://yotascale-read-policy.json --set-as-default

The policy documents for the 3 policies currently created and attached to the onboarding role (by running the CloudFormation template) are as follows:

yotascale-read-policy.json
yotascale-tagging-policy.json
yotascale-billing-policy.json


In case the CloudFormation template is updated, the above JSON policy documents will also need to updated. The CloudFormation template can serve as the master reference for making sure latest rights are being added to the above JSON docs.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.