Creating AWS Credentials with CloudFormation

Introduction

When you create a new account in CloudCheckr, you must provide your cloud provider credentials to ensure CloudCheckr can take in your data.

This procedure shows you how to use CloudFormation to create a cross-account role that will streamline the AWS credential creation process and ensure your AWS permissions always stay up-to-date.


Procedure

  1. Log into your AWS Management Console.
  2. Launch the CloudCheckr application.
  3. Select an account from the list.
  4. From the left navigation pane in CloudCheckr, select Account Settings > AWS Credentials.
  5. The Use a Role for Cross-Account Access tab displays by default.

  6. Copy the external ID.
  7. Click the Launch CloudFormation Stack link.
  8. The AWS Management Console opens and displays the Select Template screen in the Create stack wizard.

    Under Specify an Amazon S3 template URL, a link to the related template is provided.

  9. Click Next.
  10. The Specify Details screen opens and auto-populates the Stack name text field.

  11. Modify the stack name if needed—keeping the length of the stack name as short as possible.


    The stack name gets appended to the Role ARN value used later in this procedure, and that value cannot exceed 64 characters.

  12. In the External ID text field, paste the external ID that you copied from CloudCheckr, and click Next.
  13. The Options screen opens.

  14. Modify the fields as needed and click Next.
  15. The Review screen opens.

  16. Select the I Acknowledge that AWS CloudFormation might create IAM resources check box and click Create.
  17. When the stack creation is complete, select the check box next to cloudcheckr-iam-stack, go to the Resources tab, and click IAM Role’s Physical ID.
  18. Copy the Role ARN value and return to CloudCheckr.
  19. Verify that the value in the Role ARN is within the 64-character limit.
  20. In the AWS Role ARN text field, paste the Role ARN value and click Update.
  21. Your account will now be populated with proper AWS credentials that CloudCheckr will continue to update with new permissions whenever new features are released.


See Also:
Preparing Your AWS Account