content/operate/rc/subscriptions/bring-your-own-cloud/iam-resources/aws-console.md
Follow these steps to manually create IAM resources using the AWS console.
{{< warning >}} We use the provided credentials to configure your AWS environment and provision required resources.
You must not change the configurations of provisioned resources or stop or terminate provisioned instances. If you do, your databases will be inaccessible and Redis will not be able to ensure database stability. See [Avoid service disruption]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings#avoid-service-disruption" >}}) for more details. {{< /warning >}}
The IAM instance policy controls the permissions for the instances that Redis Cloud creates in your AWS account.
Follow the steps to create an IAM policy using the JSON editor with the following settings:
In Specify permissions, select JSON, and then enter the contents of the RedisLabsInstanceRolePolicy.json policy file:
{{< scrollable-code >}} {{< external-json "https://raw.githubusercontent.com/Redislabs-Solution-Architects/cloudformation-aws-Redislabs-Cloud-Account-IAM-Resources/refs/heads/master/RedisLabsInstanceRolePolicy.json" >}} {{< /scrollable-code >}}
In Review and Create, enter RedisLabsInstanceRolePolicy in the Policy name field.
Select Create policy to finish policy creation.
After creating the instance role policy, you must create a role to assign the policy.
Follow the steps to create a role for an AWS service with the following settings:
redislabs-cluster-node-role in the Role name field.Select Create role to finish role creation.
The user policy controls the permissions for the user that Redis Cloud uses to manage your AWS account.
Follow the steps to create an IAM policy using the JSON editor with the following settings:
In Specify permissions, select JSON, and then enter the contents of the RedisLabsIAMUserRestrictedPolicy.json policy file:
{{< scrollable-code >}} {{< external-json "https://raw.githubusercontent.com/Redislabs-Solution-Architects/cloudformation-aws-Redislabs-Cloud-Account-IAM-Resources/refs/heads/master/RedislabsIAMUserRestrictedPolicy.json" >}} {{< /scrollable-code >}}
In Review and Create, enter RedislabsIAMUserRestrictedPolicy in the Policy name field.
Select Create policy to finish policy creation.
After you create the user policy, you must create a programmatic access user and attach the policy to it.
Follow the steps to create a user on the AWS console, with the following settings:
redislabs-user.Select Create user to create the user.
After you create the user, you need to add an access key for the user.
Follow the steps to create an access key for the user you just created. Save the access key ID and secret access key in a secure location.
The console access role controls the permissions for the user that Redis Cloud uses to access the AWS console.
Follow the steps to Create a role for an IAM user with the following settings:
168085023892 (Redis Cloud's AWS account).redislabs-role in the Role name field.Select Create role to finish role creation. Save the Role name for later.
When you've finished creating all of the resources, you can [create a Cloud Account]({{< relref "/operate/rc/subscriptions/bring-your-own-cloud/cloud-account-settings" >}}) in the Redis Cloud console. To do this, you'll need the following information: