This page explains the steps to create a BeBop MCP user.
- IAM → Roles → Add Role → Create role
- Select Another AWS Account
Enter Account ID as 067319167081
- (Optional, Recommended): Click the Check Mark against Require external ID under Options and enter a random string for External ID
When done Click on Next: Permissions
Click Next: Tags without adding any permissions, will add permissions later.
Add desired Tags for the Bebop Service Role and Click Next: Review
Enter Role name as BebopServiceRole and a Role description as desired and click Create role
Select the Role just created (https://console.aws.amazon.com/iam/home#/roles/BebopServiceRole) → Permissions → Add inline policy
Select the JSON tab and enter the following IAM Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:PassRole",
"kms:Decrypt",
"kms:Encrypt",
"kms:RevokeGrant",
"kms:DescribeKey",
"ec2:*",
"kms:CreateGrant",
"kms:ListGrants",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
],
"Resource": "*"
}
]
}
Click on Review policy and enter the Name as BebopServiceRolePolicy
Click Create policy
Share the Role ARN and External ID (if created in step 2b) with Bebop Support.