# Create custom role

1. On the **IAM** page under **Access management** in the sidebar menu click **Roles**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-ddc270685a392d18e378a7645c5f236b1e5cdf5d%2F5ee41fa889ddce424461cdc8787ad4e910a21ee578cdfc6f45f1fcadbce168c8.png?alt=media)

2. Click **Create role**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-d88c0fc15bd3636b88bb4e1b41958e29aaf6fc26%2Fa82b102e42c879b0b9b33f41559c92f24b905fad554451c4c14e575d76f183ee.png?alt=media)

3. Select AWS account

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-3da630797c1d43839ebdd9c00da0b3965f70a3f3%2F709b3669a57ac8321b05870d2525169192ec133629e8d538603806ccac6747f9.png?alt=media)

4. You're going to need Netography's **Account ID** and the custom **External ID** created in your Fusion account for the next step

These settings can be found In Netography Fusion, under **Settings** -> **Overview**.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-0b484b0a8c585eb4b64b5a023b9a09d340a49bf4%2F19efaafce0e1571df3bf71b1b838eadebee497bf63fe9fb04993af3ab32a41aa.png?alt=media)

5. In AWS Select **Another AWS account** before pasting in the **Account ID** you copied from Netography Fusion, then check the box for **Require external ID** and paste in the External ID. Click **Next**.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-cb6d37912e221d7797f25e8943f111d5394a332e%2F95e3286c472e1af225faec30fe907cc59df71f0c842feb0106ff5ebbe96f347e.png?alt=media)

6. Search for the policy name you created during the [Create IAM policy](https://docs.netography.com/quick-start/quickstart-aws/create-iam-policy) step and check the box. **Permissions policies** should show **1**.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-fed520400c70bfae48afe62d4582a2756480f112%2F26e915043849b255a0e9e5be32cf067c83dfa239eed46db59f4c54e11a8635a7.png?alt=media)

7. Search for AmazonEC2ReadOnlyAccess and check the box. **Permissions Policies** should show **2**.

This will add permissions for context enrichment.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-29cd642d3121604dedc7faf196ba9c88f9b73e86%2F8e09e9d5e1514d2f7a68f830fa8f845fb8eae0e3442dec7f186945ba701f75ed.png?alt=media)

8. Click **Next**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-f58a150b698a2f6ccd65b5816b77cccea333dfc2%2Fa65c4c2bfa11d8cb7280a6e07fd8e20be52c63556612d5f668d2ea83ce33a6c9.png?alt=media)

9. Give your role a name.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-2e5e173abe61e1b2acbde9766c72f8a156e5f0d5%2F91de64b4160c03d97b83978ea478992383dc20314182030d5c073902b8c998f9.png?alt=media)

10. The **Trust policy** is created by default and should contain the AWS Account ID and External ID you entered earlier, nothing needs to be done here, it's just to verify everything looks correct.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-435bc7e79797afed448c4e44e274c7cda1a88e78%2Fa21be3f851207115fb2e807d4b6f9ff84749b024938a42d40b0b6e4e88775c2d.png?alt=media)

11. Click **Create role**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-073177594965c6cb375a47faf2f0a60e90c977d0%2Fd057bdf84634679d365c513e41af007ab9f2cbbe2c7d8b346be98bb2d4d4f865.png?alt=media)

12. Next you'll need to copy and save the ARN of your newly created role, this is going to be needed to authenticate Netography Fusion in a later step. Search for the name you gave your role and click your role name.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-9033e64def76e98071c137a807dbeec683492b1d%2F4a10205b641b5de200afa7603fcb2e9c5e2ec35a6301a433384095a5e6928527.png?alt=media)

13. Copy and save your role ARN for later.

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-1fc0e066a2317ca46bc9a01b71895fce9829ee3f%2F9c0ce2fffc42a044b8b3e7ecda07f59a2a8a45f8eefc1369fa680893ce9aaaa4.png?alt=media)