# Set up the Deadline Cloud monitor
<a name="monitor-onboarding"></a>

To get started, you'll need to create your Deadline Cloud farm infrastructure, including a monitor, queue, and fleet. You can also perform additional, optional steps including adding groups and users, choosing a service role, and adding tags to your resources.

## Step 1: Create your monitor
<a name="monitor-infrastructure"></a>

The Deadline Cloud monitor uses AWS IAM Identity Center to authorize users. By default, the IAM Identity Center instance that you use for Deadline Cloud must be in the same AWS Region as the monitor. However, if you have Multi-Region support enabled in IAM Identity Center, you can create a monitor in a different Region. For more information, see [What is AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). If your console is using a different Region when you create the monitor, you'll get a reminder to change to the IAM Identity Center Region.

Your monitor's infrastructure consists of the following components:
+ **Monitor name**: The **Monitor name** is how you can identify your monitor — for example *AnyCompany monitor*. Your monitor's name also determines your **monitor URL**.
+ **Monitor URL**: You can access your monitor by using the **Monitor URL**. The URL is based on the **Monitor name** — for example *https://anycompanymonitor.awsapps.com*.
+ **AWS Region**: The **AWS Region** is the physical location for a collection of AWS data centers. When you set up your monitor, the Region defaults to the closest location to you. We recommend changing the Region so it is located closest to your users. This reduces lag and improves data transfer speeds. By default, AWS IAM Identity Center must be enabled in the same AWS Region as Deadline Cloud, unless you have Multi-Region support enabled in IAM Identity Center. For more information, see [What is AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).
**Important**  
You can't change your Region after you finish setting up Deadline Cloud.

Complete the tasks in this section to configure your monitor's infrastructure.

**To configure your monitor's infrastructure**

1. Sign in to the **AWS Management Console** to start the Welcome to Deadline Cloud setup, then choose **Next**.

1. Enter the **Monitor name** — for example **AnyCompany Monitor**.

1. (Optional) To change the **Monitor URL**, choose **Edit URL**.

1. (Optional) To change the **AWS Region** so it's closest to your users, choose **Change Region**.

   1. Select the Region closest to your users.

   1. Choose **Apply Region**.

1. (Optional) To further customize your monitor setup, select **[Additional settings](#additional-monitor-settings)**.

1. If you are ready for [Step 2: Define farm details](define-the-farm.md), choose **Next**.

### Additional settings
<a name="additional-monitor-settings"></a>

Deadline Cloud setup includes additional settings. With these settings, you can view all the changes Deadline Cloud setup makes to your AWS account, configure your monitor user role, and change your encryption key type.

#### AWS IAM Identity Center
<a name="identity-center"></a>

AWS IAM Identity Center is a cloud-based single sign-on service for managing users and groups. IAM Identity Center can also be integrated with your enterprise single sign-on (SSO) provider so that users can sign in with their company account.

Deadline Cloud enables IAM Identity Center by default, and it is required to set up and use Deadline Cloud. By default, the IAM Identity Center instance that you use for Deadline Cloud must be in the same AWS Region as the monitor. However, if you have Multi-Region support enabled in IAM Identity Center, you can create a monitor in a different Region. For more information, see [What is AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).

#### Configure service access role
<a name="Monitor-user-role"></a>

An AWS service can assume a service role to perform actions on your behalf. Deadline Cloud requires a monitor user role for it to give users access to resources in your monitor.

You can attach AWS Identity and Access Management (IAM) managed policies to the monitor user role. The policies give users permissions to perform certain actions, such as creating jobs in a specific Deadline Cloud application. Because applications depend on specific conditions in the managed policy, if you don’t use the managed policies, the application might not perform as expected. 

You can change the monitor user role after you complete setup, at any time. For more information about user roles, see [IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html#id_iam-roles).

The following tabs contain instructions for two different use cases. To create and use a new service role, choose the **New service role** tab. To use an existing service role, choose the **Existing service role** tab. 

------
#### [ New service role ]

**To create and use a new service role**

1. Select **Create and use a new service role**.

1. (Optional) Enter a **Service user role** name.

1. Choose **View permission details** for more information about the role.

------
#### [ Existing service role ]

**To use an existing service role**

1. Select **Use an existing service role**.

1. Open the dropdown list to choose an existing service role.

1. (Optional) Choose **View in IAM console** for more information about the role.

------