IAM roles needed for the MGN connector - Application Migration Service

NEW - You can now accelerate your migration and modernization with AWS Transform. Read Getting Started in the AWS Transform User Guide.

IAM roles needed for the MGN connector

To use MGN connector you must have these required IAM roles for individual accounts and AWS Organizations networks:

  • MGNConnectorInstallerRole

  • AWSApplicationMigrationConnectorManagementRole

  • AWSApplicationMigrationConnectorSharingRole_management-account-id Needed in an individual account. Also needed in an organization, on every account, including the management account.

Individual account: For an MGN connector in an individual account, create these roles as described in Create roles manually.

Multiple accounts: If the MGN connector manages source servers from multiple accounts, set up the global view feature and set up your AWS Organization, as described in Manage large-scale migrations with global view. After you set up your AWS Organization:

  1. Create the MGNConnectorInstallerRole and the AWSApplicationMigrationConnectorManagementRole as described in Create roles manually.

  2. Configure the CloudFormation StackSet to create the AWSApplicationMigrationConnectorSharingRole_management-account-id role per management account. Use the template "Enable Application Migration Service Connector access". Instructions are in Deploy role using a CloudFormation template .