After you have created and attached a secondary policy to your cross-account role, you need to copy an AWS Role ARN to your CloudCheckr account.
- From the dashboard, click Roles.
- Login to the AWS Management Console.
- Scroll down to the Security, Identity & Compliance section and select IAM.
- In the Search text field, type the name of the new cross-account access role to filter the list.
- Click the name of the new cross-account role from the list.
- Click the Copy icon next to the Role ARN.
- Launch CloudCheckr.
- Select an account from the list.
- From the left navigation pane, select Account Settings > AWS Credentials.
- In the AWS Role ARN text field, paste the role ARN value you copied from AWS.
- Click Update.
How Do I Access the IAM Dashboard?
The AWS services page opens.
The Welcome to Identity and Access Management screen displays.
The Roles page opens.
The Summary page opens. Notice the Role ARN value at the top of the page.
ARN values use this format: arn:aws:iam::YourAccountIDHere:role/CloudCheckrRole.
For the purposes of this procedure, we have masked the true ARN value.
The Edit AWS Credentials page opens. The Use a Role for Cross-Account Access tab displays by default.
Cloudcheckr will begin populating your account with data. Depending on the size of your AWS account, this can take a few hours or more.
Note: You can access specific permissions to allow CloudCheckr’s Automation features to work here. You can add these permissions as another policy to your cross-account access role.
Preparing Your AWS Account