To replicate network configurations between different accounts, go to the source account and create the Network role from the Trusted accounts page. This automatically creates the role and attaches the required policies.
Note: This is only required if your target account is different from the source account.
To create the required role, take the following steps:
- Go to your source account.
- Go to the Trusted accounts page.
- Click Add trusted accounts and create roles.
- Click Add new trusted account.
- Enter the target account ID and choose Network role.
- Click Add trusted accounts and roles. A success message will appear at the top of the screen.
This action will create the DRSSourceNetworkRole role that is required to utilize the feature.
This role includes the AWSElasticDisasterRecoverySourceNetworkPolicy policy and the following trust policy permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "drs.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringLike": {
                    "aws:SourceArn": "arn:aws:drs:*:*:source-network/*",
                    "aws:SourceAccount": "{{target_account}}"
                }
            }
        }
    ]
}
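The following Python check is an added example, not part of the AWS documentation: it compares a role's trust policy document against the template above and reports where the principal or the aws:SourceArn and aws:SourceAccount conditions differ. The function names and the sample account ID 111122223333 are assumptions chosen for illustration.

```python
import json

EXPECTED_SERVICE = "drs.amazonaws.com"
EXPECTED_SOURCE_ARN = "arn:aws:drs:*:*:source-network/*"

def _as_list(value):
    """IAM allows a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, target_account):
    """Return findings; an empty list means the policy matches the template."""
    findings = []
    statements = _as_list(policy.get("Statement", []))
    if len(statements) != 1:
        findings.append("expected exactly one statement")
    for stmt in statements:
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"Service"} \
                or _as_list(principal["Service"]) != [EXPECTED_SERVICE]:
            findings.append("principal is not limited to " + EXPECTED_SERVICE)
        if stmt.get("Effect") != "Allow" or _as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append("statement is not a plain Allow of sts:AssumeRole")
        # Collect condition values; key names are compared case-insensitively.
        cond = {}
        for op in ("StringLike", "StringEquals"):
            for key, val in stmt.get("Condition", {}).get(op, {}).items():
                cond[key.lower()] = _as_list(val)
        # An exact match also rejects "*" and an unsubstituted {{target_account}}.
        if cond.get("aws:sourceaccount") != [target_account]:
            findings.append("aws:SourceAccount is not pinned to the target account")
        if cond.get("aws:sourcearn") != [EXPECTED_SOURCE_ARN]:
            findings.append("aws:SourceArn does not match the source-network pattern")
    return findings

def sample_policy(source_account):
    """Constructed sample: the page's template with the account filled in."""
    return json.loads("""{"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "drs.amazonaws.com"},
        "Action": "sts:AssumeRole", "Condition": {"StringLike": {
            "aws:SourceArn": "arn:aws:drs:*:*:source-network/*",
            "aws:SourceAccount": "%s"}}}]}""" % source_account)

if __name__ == "__main__":
    print(audit_trust_policy(sample_policy("111122223333"), "111122223333"))
    print(audit_trust_policy(sample_policy("*"), "111122223333"))
```

The policy document to audit can be taken from the output of `aws iam get-role --role-name DRSSourceNetworkRole` in the source account.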
After you install the agent and create the relevant role, you can start replicating your network configurations.