Creating AWS Credentials with CloudFormation

Overview

cf00_startnav

When you create a new account in CloudCheckr, you always need to enter in your cloud provider credentials in order to ensure CloudCheckr can ingest your data. This article covers how to use CloudFormation to create an IAM Role which will streamline the AWS credential creation process, making it faster and ensuring that your AWS permissions always stay up-to-date.

 

  1. Log into the AWS Console for the account in question.
  2. Go to the CloudCheckr Configure Accounts section, located at Account Settings > AWS Credentials.
  3. Copy the External ID (indicated in green, below).cf01_MainNav
  4. Under the tab for Use a Role for Cross-Account Access, click on the Launch CloudFormation Stack button. This will take you to the AWS Console.
  5. The first screen is Select Template. Click Next.
    cf02_SelectTemplate
  6. In the Specify Details screen, paste the External ID that you copied in Step 3. Click Next.
    cf03_PasteExternalId
  7. The Options screen has entries that are optional depending on your needs. When you are complete, click Next.
    cf04_Options
  8. On the Review screen, check the I Acknowledge that AWS CloudFormation might create IAM resources box and click Create.cf05_Acknowledge
  9. When Stack Creation has completed, check the box next to cloudcheckr-iam-stack, then go to the Resources tab and click on the IAM Role’s Physical ID.cf06_PhysicalId
  10. Copy the Role ARN value and return to CloudCheckr.cf07_RoleARN
  11. Paste the Role ARN in the labeled box and click Update.cf08_ARNinCC

That’s it! Your account will now be populated with proper AWS Credentials which are continually updated with new permissions by CloudCheckr whenever new features are released.