An Example and AWS doc link would help customer add Trust relationship for FSx to Blue XP SaaS AWS account id

[anee04]

Page URL

https://docs.netapp.com/us-en/bluexp-fsx-ontap/requirements/task-setting-up-permissions-fsx.html

Page title

Set up permissions for FSx for ONTAP

Summary

An example with exact details would help customer here ( from customer case feedback)

To the IAM role , "Trust relationships" edit policy to include "AWS": "arn:aws:iam::952013314444:root", for FSx

Example below:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::952013314444:root",
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}

Public issues must not contain sensitive information

• This issue contains no sensitive information.

[juliantap]

@anee04 Thank you for the feedback. I'll have to check with engineering on this. The section as written is intended to show the minimum required permissions to manage FSx for ONTAP using BlueXP.

Is this a minimum required permission for BlueXP or is this an optional AWS IAM parameter? Reviewing the document you linked, this appears to be an AWS IAM option.

[anee04]

Hello Julia,

The document I linked is to be used as additional reference from AWS on how to add a trusted entity.
If FSx is to be discovered on Blue XP , this is mandatory for the Customer IAM role to trust the Blue XP SaaS AWS account and AWS FSxN AWS account. Customers are unable to proceed with current documentation and chose to ignore this step and they get a tab crash on discovery as Blue XP SaaS is unable to communicate with AWS.

Case ids below so far with same issue:

2009638470
2009685146
2009801646

Thanks

[juliantap]

@anee04 Thank you for this additional context. I will send this to the engineering team for input.