Setting up
Sign up for AWS
When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all AWS services, including AWS Migration Hub Orchestrator. You are charged only for the services that you use.
If you already have an AWS account, skip this step.
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
Open https://portal.aws.amazon.com/billing/signup.
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.
Create an IAM user
By default, an administrator account inherits all of the policies that are required to access Migration Hub Orchestrator. To create an administrative user, follow the steps in Create an administrative user.
To create a non-administrative IAM user for use with Migration Hub Orchestrator, we recommend that you create these IAM users:
- To access the console, create a user with both the AWSMigrationHubFullAccess and the AWSMigrationHubOrchestratorConsoleFullAccess managed policies attached.
- To enable the Migration Hub Orchestrator plugin to communicate with your servers, create a user with the AWSMigrationHubOrchestratorPlugin managed policy attached.
- To enable the instances to communicate with the Migration Hub Orchestrator plugin, create a user with the AWSMigrationHubOrchestratorInstanceRolePolicy managed policy attached.
Alternatively, you can create one user with all the managed policies attached. For more information, see AWS managed policies for Migration Hub Orchestrator.
When creating non-administrative IAM users, follow the Grant least privilege security best practice and grant users minimum permissions.
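One way to check existing users against the role split above, as an added example (not AWS's own code): the script reads the JSON printed by `aws iam list-attached-user-policies` and reports users that combine roles, lack part of a role's policy set, or carry unrelated policies. The user names and sample documents are constructed.

```python
import json

# Role split taken from the three user types recommended above.
ROLES = {
    "console": {"AWSMigrationHubFullAccess",
                "AWSMigrationHubOrchestratorConsoleFullAccess"},
    "plugin": {"AWSMigrationHubOrchestratorPlugin"},
    "instance": {"AWSMigrationHubOrchestratorInstanceRolePolicy"},
}
KNOWN = set().union(*ROLES.values())

def audit_user(user, attached_json):
    """Return least-privilege findings for one IAM user.

    attached_json is the JSON printed by
    `aws iam list-attached-user-policies --user-name <user>`.
    """
    names = {p["PolicyName"] for p in json.loads(attached_json)["AttachedPolicies"]}
    roles = sorted(r for r, pols in ROLES.items() if names & pols)
    findings = []
    if not roles:
        findings.append(f"{user}: no Migration Hub Orchestrator policy attached")
    if len(roles) > 1:
        findings.append(f"{user}: combines roles {roles}; use one user per role")
    for role in roles:
        missing = sorted(ROLES[role] - names)
        if missing:
            findings.append(f"{user}: {role} role is missing {missing}")
    extra = sorted(names - KNOWN)
    if extra:
        findings.append(f"{user}: unrelated policies attached {extra}")
    return findings

def _doc(*names):
    # Constructed sample input; real CLI output also carries a PolicyArn per entry.
    return json.dumps({"AttachedPolicies": [{"PolicyName": n} for n in names]})

SAMPLES = {  # hypothetical user names
    "mho-console": _doc("AWSMigrationHubFullAccess",
                        "AWSMigrationHubOrchestratorConsoleFullAccess"),
    "mho-plugin": _doc("AWSMigrationHubOrchestratorPlugin", "AdministratorAccess"),
    "mho-all": _doc(*sorted(KNOWN)),
    "mho-half": _doc("AWSMigrationHubFullAccess"),
}

if __name__ == "__main__":
    for user, doc in SAMPLES.items():
        for line in audit_user(user, doc) or [f"{user}: ok"]:
            print(line)
```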
To create a non-administrator IAM user to use with Migration Hub Orchestrator
- In AWS Management Console, navigate to the IAM console.
- Follow the instructions in Creating an IAM user in your AWS account. While following the instructions, ensure that you:
  - Select both Programmatic access and AWS Management Console access as the type of access.
  - Choose the option to Attach existing policies to user directly on the Set permission page. Then, choose the managed IAM policy AWSMigrationHubFullAccess, AWSMigrationHubOrchestratorConsoleFullAccess, or AWSMigrationHubOrchestratorPlugin from the list of policies.
  - Follow the guidance in the Important note about saving the new access key ID and secret access key in a safe and secure place.
Home Region
The data stored in the AWS Migration Hub (Migration Hub) home Region provides a single repository of discovery and migration planning information for your entire migration portfolio. The data stored in the home Region from the discovery and migration tools is used to track the progress of your migrations regardless of the migrating application’s target Region. For more information, see Migration Hub home Region.