Create the Peer Role - AWS

Before you begin

You need:

About this task

Your client-side VPC and the MarkLogic Service VPC need to securely communicate. To do so, you need a peer role that defines the privileges granted to the MarkLogic Service VPC. The peer role template creates an Identity and Access Management (IAM) role that accepts a VPC peering connection between your client-side VPC and MarkLogic Service VPC.
Important: The AWS user who creates the peer role stack must be assigned a role with the "iam:CreateRole" and "iam:AttachRolePolicy" permissions at a minimum. For more general information about creating a role in AWS, see Creating a Role to Delegate Permissions to an AWS Service.


  1. Download the peer-role.template. If necessary, modify the template.
  2. Navigate to the AWS CloudFormation Console page.

    AWS CloudFormation create network stack

    1. Click Create stack.
    2. Click With new resources (standard).
    Important: Before you continue, ensure you are creating your stack in a region supported by Data Hub Service (DHS). See Supported Regions - AWS.
  3. In the Create stack page, specify the peer-role.template.

    Sample VPC peer role configuration specify template

    • Click Next.
  4. In the Specify Stack Details page, supply the fields with the following information:
    Note: For more general information on creating a stack, see Creating a Stack on the AWS CloudFormation Console.

    Sample VPC peer role configuration

    Field Description
    Stack name The name for this collection of AWS network resources.
    MarkLogic Service ID The ID that identifies you as a MarkLogic Service subscriber.
    To find your MarkLogic Service ID in DHS, navigate to the MarkLogic Data Hub Service home page and click on the username in the top menu.
    MarkLogic Service ID

    VPC ID Your client-side VPC's identifier (vpc-*).
    Important: The VPC ID must include the vpc- prefix.

    To find your VPC ID in AWS CloudFormation Console, navigate to the AWS CloudFormation Console.

    1. Select the stack created when you set up a client-side VPC.
    2. Select the Resources tab.

    To find all of your VPC IDs in AWS, navigate to AWS.

    1. From the top menu, navigate to Services > VPC.
    2. In the Resources by Region page, click VPCs.

    Example: vpc-0f23c32843d97f2fb

    Click the following link to view a full list of client-side network resources.

    • Click Next.
  5. (Optional) In the Configure stack options page, specify tags, IAM roles, and advanced options.
    • Click Next.
  6. Review the details.

    Review page for new peer role

    (Optional) To make changes, click Previous.

    1. To confirm, select the I acknowledge... check box.
    2. Click Create Stack.


The peer role is created and the RoleARN (a unique AWS resource identifier) is displayed. In the AWS CloudFormation Console, the status of each stack must be CREATE_COMPLETE.
Peer role stack detils with RoleArn

Important: Make note of values that each task produces. Depending on your organization's security model, values might need to be shared with others in your organization.
Value How to find Required to

In AWS CloudFormation Console, click the stack name and then click the Outputs tab.

Example: arn:aws:iam::123456789012:role/MLAAS-PeerRole-peerRole-PUE2MD0KEMI2

For more general information, see

Set Up a Peered Network

What to do next