Once you have created a cross-account role and attached the AWS Read-Only policy, you need to create and attach a secondary policy to manage the resources that are not protected by the AWS Read-Only policy.
- Login to the AWS Management Console. The AWS services page opens.
- Scroll down to the Security, Identity & Compliance section and select IAM. The Welcome to Identity and Access Management screen displays.
- From the dashboard, click Policies. A list of policies displays.
- Click Create policy. The Create Policy page opens.
- Click JSON. The JSON tab opens, allowing you to create the policy using JSON syntax.
- Copy the secondary policy. Note: You can also download and copy the secondary policy from here.
- Replace the text in the JSON tab with the policy you just copied and click Review policy. The Review policy page opens.
- Type a name for the policy and click Create policy. A message at the top of the policy page indicates that your policy has been created.
- In the Search text field, type the name of your secondary policy to filter the list of policies.
- Select the checkbox next to the secondary policy.
- From the Policy actions drop-down menu, select Attach. The secondary policy, in addition to the AWS Read-Only policy, is now attached to the cross-account access role.
- Go to the Copy an AWS Role ARN to Your CloudCheckr Account topic to continue to prepare your AWS account for CloudCheckr access.