

What are the steps to create a custom trust policy for the IAM role in DeepSeek


Creating a custom trust policy for an IAM role in DeepSeek involves several steps. The trust policy defines who can assume the role, and the permissions policies attached to the role define what actions they can perform. Here's a detailed guide on how to create such a policy:

Step 1: Access the AWS IAM Console

1. Sign in to the AWS Management Console and navigate to the IAM dashboard at https://console.aws.amazon.com/iam/.
2. In the IAM console, select Roles from the left-hand menu and then click Create role.

Step 2: Choose the Custom Trust Policy Role Type

1. In the Create role section, select Custom trust policy as the role type.
2. This option allows you to define a custom trust policy that specifies which entities can assume the role.

Step 3: Define the Custom Trust Policy

1. In the Custom trust policy section, you will see a JSON policy template. You need to modify this template to include the principal that should be allowed to assume the role.

For example, if you want an IAM user to assume the role, you would specify the user's ARN in the Principal section. Here's an example of what the policy might look like:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/your-username"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

Replace `"arn:aws:iam::123456789012:user/your-username"` with the actual ARN of the IAM user or entity that should assume the role.

2. If you are using a service like OpenSearch, you might need to specify the service's ARN or a specific role ARN depending on your setup.

Step 4: Resolve Security Warnings and Proceed

1. After entering your custom trust policy, AWS will validate it and may display security warnings or errors if there are issues.
2. Resolve any warnings or errors by adjusting the policy as needed.
3. Once the policy is valid, click Next to proceed.
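
A local pre-check you can run on the trust policy from Step 3 before pasting it into the console. This is an added example, not AWS's validator and not code from the original page; the finding rules, the `audit_trust_policy` function and its `own_account` parameter are assumptions of this example, and it only recognises ARNs in the `aws` partition.

```python
import json
import re

# Matches an account-wide principal: a bare 12-digit ID or arn:aws:iam::<id>:root
ROOT_RE = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::root)?$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(document, own_account):
    """Return (statement_index, finding) tuples for a role trust policy."""
    policy = json.loads(document) if isinstance(document, str) else document
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant the ability to assume the role
        if "NotPrincipal" in stmt:
            findings.append((idx, "NotPrincipal with Allow trusts everyone not listed"))
        if any(a in ("*", "sts:*") for a in _as_list(stmt.get("Action", []))):
            findings.append((idx, "wildcard Action; name sts:AssumeRole explicitly"))
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        conditioned = bool(stmt.get("Condition"))
        for arn in aws:
            root = ROOT_RE.match(arn)
            if arn == "*":
                findings.append((idx, "wildcard principal; only a Condition limits who can assume"))
            elif root and not conditioned:
                findings.append((idx, f"whole account {root.group(1)} trusted with no Condition"))
            elif not root and not conditioned and f"::{own_account}:" not in arn:
                findings.append((idx, f"cross-account principal {arn} with no Condition"))
    return findings

# The policy from Step 3 (placeholder account ID and user name as on the page)
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::123456789012:user/your-username"},
  "Action": "sts:AssumeRole"}]}"""

# Constructed counter-example: anyone may call any STS action on the role
LOOSE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:*"}]}

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("loose", LOOSE_POLICY)):
        print(name, audit_trust_policy(doc, own_account="123456789012"))
```

An empty result means none of these specific patterns were found; it does not replace the console's own validation in this step.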

Step 5: Set Permissions Boundary (Optional)

1. If desired, you can set a permissions boundary for the role. This is an advanced feature that limits the maximum permissions the role can have.
2. To do this, open the Permissions boundary section and select a policy from the list of available AWS managed or customer-managed policies.

Step 6: Name the Role

1. Enter a unique name for your role in the Role name field. Role names must be unique within your AWS account and are case-insensitive.
2. Optionally, you can add a description for the role.

Step 7: Add Permissions (Optional)

1. You can add permissions to the role by attaching policies. This step is optional if you have already defined the necessary permissions elsewhere.
2. Click Edit in the Add permissions section to attach policies.

Step 8: Review and Create the Role

1. Review all the details of your role, including the trust policy and permissions.
2. Once everything is correct, click Create role to finalize the creation process.

Step 9: Use the Role in DeepSeek

1. After creating the IAM role, you can use its ARN in your DeepSeek application or scripts to assume the role and perform actions based on the permissions defined in the role.
2. Ensure that any scripts or applications using this role have the necessary credentials configured, such as AWS access keys or temporary security tokens obtained through STS.

By following these steps, you can create a custom trust policy for an IAM role that integrates with DeepSeek, ensuring that only authorized entities can assume the role and perform specific actions within your AWS environment.
