When you create a new account in CloudCheckr, you must provide your cloud provider credentials to ensure CloudCheckr can take in your data.
This procedure shows you how to use CloudFormation to create an cross-acount role that will streamline the AWS credential creation process and ensure your AWS permissions always stay up-to-date.
- Log into your AWS Management Console.
- Launch the Cloudcheckr application.
- Select an account from the list.
- From the left navigation pane in Cloudcheckr, select Account Settings > AWS Credentials.
- Copy the external ID.
- Click the Launch CloudFormation Stack link.
- Click Next.
- Modify the stack name if needed—keeping the length of the stack name as short as possible.
The stack name gets appended to the Role ARN value used later in this procedure, and that value cannot exceed 64 characters.
- In the External ID text field, paste the external ID that you copied from CloudCheckr, and click Next.
- Modify the fields as needed and click Next.
- Select the I Acknowledge that AWS CloudFormation might create IAM resources check box and click Create.
- When the stack creation is complete, select the check box next to cloudcheckr-iam-stack, go to the Resources tab, and click IAM Role’s Physical ID.
- Copy the Role ARN value and return to CloudCheckr.
- Verify that the value in the Role ARN is within the 64-character limit.
- In the AWS Role ARN text field, paste the Role ARN value and click Update.
The Use a Role for Cross-Account Access tab displays by default.
The AWS Management Console opens and displays the Select Template screen in the Create stack wizard.
Under the Specify an Amazon S3 template URL, a link to the related template is provided.
The Specify Details screen opens and auto-populates the Stack name text field.
The Options screen opens.
The Review screen opens.
Your account will now be populated with proper AWS credentials that Cloudcheckr will continue to update with new permissions whenever new features are released.
Preparing Your AWS Account