How to configure access to the NICE DCV license stored in the S3 bucket

This guide explains how to setup access to the DCV license in AWS EC2. In AWS EC2 instances NICE DCV can be used for free. This is enabled by periodically accessing a S3 bucket containing the license. To access the S3 bucket we need to configure an AWS IAM role and policy.

Have a look at the end of the article for an alternative approach using the command line with the AWS CLI instead of the web console.

Creating the IAM role

Our example uses eu-west-1 as AWS region – please adapt accordingly.

  • On the next page
    • Select “AWS service”
    • Select “EC2”
    • Click on “Next: Permissions”
  • On the next page click on “Next: Tags” to move forward
  • On the next page click on “Next: Review” to move forward
  • On the next page enter the name for your role and click “Create role”

Creating the IAM policy

  • Click on Policies in the left menu
  • Click on “Create policy”
  • On the next page click on “JSON”
  • Insert the code below into the JSON field replacing the existing code – please replace the region with your region:
{
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::dcv-license.eu-west-1/*"
        }
    ]
}
  • and click “Review policy”
  • Enter the name for the policy and click “Create policy”

Search for your new policy and click on it to open it

Click on “Policy usage” and then on “Attach”

Enter your DCV policy name, select the policy and click on “Attach policy”

You are done! Your new DCV role and policy has been created. The next step is to use it and attach it to the instance running DCV.

Alternative – Use the AWS CLI commandline to configure DCV License role and policy

Create the role

cat <<< '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}' > ROLE.json
aws iam create-role --role-name DCVLicenseAccess --assume-role-policy-document file://ROLE.json

Create the policy (please remember to replace the region):

# Replace region (here eu-west-1) with your EC2 region
cat <<< '{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::dcv-license.eu-west-1/*"
        }
    ]
}' > POL.json
aws iam create-policy --policy-name DCVLicenseAccess --policy-document file://POL.json
# REMEMBER THE ARN of the DCV license access policy in the output
aws iam attach-role-policy --role-name DCVLicenseAccess --policy-arn {YOUR_ARN}  # e.g. arn:aws:iam::ACCOUNT_NR:policy/DCVLicenseAccess
# verify the role policy
aws iam list-attached-role-policies --role-name DCVLicenseAccess
# REMOVE json files
rm POL.json ROLE.json
# to remove a policy
# aws iam detach-role-policy --role-name DCVLicenseAccess --policy-arn arn:aws:iam::ACCOUNT_ID:policy/DCVLicensePolicy

Please feel free to use our contact form for any questions or comments.