Creating AWS Credentials with CloudFormation

Introduction

CloudCheckr recommends that customers create AWS credentials using CloudFormation.

This procedure shows you how to use CloudFormation to create an cross-account role that will streamline the credential process and ensure your AWS permissions always stay up-to-date.


Procedure

  1. Log into your AWS Management Console.
  2. In the Billing & Cost Management Dashboard, verify that the Receive Billing Alerts checkbox is selected. (optional)
  3. Launch the Cloudcheckr application.
  4. Select an account from the list.
  5. From the left navigation pane in Cloudcheckr, select Account Settings > AWS Credentials.
  6. The Use a Role for Cross-Account Access tab displays by default. It contains instructions on how to use CloudFormation to create a cross-account role.


  7. Copy the external ID value from CloudCheckr.
  8. Click the Launch CloudFormation Stack link.
  9. The Select Template screen in the Create stack wizard opens.

    Under the Specify an Amazon S3 template URL, a link to the related template is provided.

  10. Click Next.
  11. The Specify Details screen opens.

  12. Type a name for your stack and paste the external ID value from CloudCheckr into the corresponding field in CloudFormation.
  13. Note: Keep the stack name as short as possible; it gets appended to the Role ARN value later in this procedure, and that value cannot exceed 64 characters.

  14. For each of the separate policies—Inventory, Billing, Security, and CloudWatch Flow Logs—select True or False if you want to include that policy in your template.
    1. For Billing, type the name of your AWS Detailed Billing Report bucket.
    2. For Security, type the name of your AWS CloudTrail bucket.

  15. Click Next.
  16. The Options screen opens.

  17. Configure your stack options (optional) and click Next.
  18. Select the I Acknowledge that AWS CloudFormation might create IAM resources check box and click Create.
  19. When the stack creation is complete, select your stack name from the list and click the Resources tab.
  20. Click the Physical ID link for the IAM role.
  21. From the Summary page, copy the Role ARN value.
  22. Return to CloudCheckr.
  23. Select the checkbox if this is an account from India managed by Amazon Internet Services Pvt. Ltd (AISPL).
  24. In the AWS Role ARN text field, paste the Role ARN value and click Update.
  25. Your account will now be populated with proper AWS credentials that Cloudcheckr will continue to update with new permissions whenever new features are released.


See Also:
Preparing Your AWS Account