0 / 0

Setting up the platform on AWS

Last updated: Jun 26, 2025
Setting up the platform on AWS

To set up the platform on AWS, you must create your IBM SaaS account, add users, set user roles, and create subscription instances. Then delegate access by establishing trust between your AWS account and IBM AWS account.

Prerequisites: To set up the platform on AWS, you must:

  • Have an AWS account
  • Have an IBM ID
  • Have service subscriptions created on AWS. For details, contact the IBM sales team.

Follow this process to set up watsonx on AWS:

Note:

Creating user groups does not have any effect on watsonx. You can skip creating user groups.

  1. Create your IBM SaaS account or use an existing IBM SaaS account
  2. Verify the available subscriptions
  3. Add users to your account and assign roles to them
  4. Create subscription instances, as needed
  5. Delegate access by establishing trust between your AWS account and IBM AWS account
  6. Grant access through service IDs and API keys to enable access by applications and scripts.

Creating your IBM SaaS account

To create up your IBM SaaS account:

  1. Go to https://aws.console.saas.ibm.com and click Log in.
  2. Click Create account.
  3. In the window that opens, provide the account information. Then, from the Cloud provider drop-down menu, select AWS. Creating the IBM SaaS account
  4. Click Create.
  5. Your new account shows in the list of available accounts.

Delegating access by establishing trust between your AWS account and IBM AWS account

Establish trust between your AWS account and IBM AWS account. Define actions that IBM is allowed to perform in your AWS account. Follow these steps:

  1. Go to ap-south-1.aws.data.ibm.com and log in.

  2. From the menu next to your avatar, select watsonx.

  3. From the navigation menu select Administration > Access (IAM) > Access Delegation.

  4. Toggle Enable delegation to on.

    Enabling delegation in watsonx UI

  5. Click Guide me. Integration via account delegation pane appears. The Account delegation tab contains a list of property names and property values. You will need them to set up delegation.

    Contents of the Guide me pane

  6. Log in to the AWS Console and then navigate to IAM service. If possible, arrange your watsonx and AWS Console windows so that you are able to access both at the same time.

  7. In AWS Console, create a new account delegation role by using the property names and values that you saw in the Account delegation tab of the Integration via account delegation pane of watsonx.

  8. In watsonx, click Next. The Permission policy tab shows.

  9. Copy the generated code that you see on the watsonx screen and then open the AWS Console again.

  10. In AWS Console, in the location where you set up permissions for the account delegation role, create a permission policy and seed it by pasting the code from the watsonx Permission policy tab.

  11. Save your changes and then copy the generated Amazon Resource Name (ARN). The created IAM role allows IBM to call AWS APIs by using temporary credentials.

  12. In watsonx, click Next. The Role ARN tab opens.

  13. Paste the ARN in the Enter the account delegation role ARN textbox and then click Test integration.

  14. If test result is positive, click Finish. Trust between your AWS account and IBM AWS account is established.

Learn more

Parent topic: Administration