Creating AWS Credentials with CloudFormation

When you create a new account in CloudCheckr, you must enter in your cloud provider credentials to ensure CloudCheckr can ingest your data.

This procedure shows you how to use CloudFormation to create an IAM role that will streamline the AWS credential creation process and ensure your AWS permissions always stay up-to-date.

 

  1. Log into your AWS Management Console.
  2. Launch the Cloudcheckr application.
  3. From the left navigation pane in Cloudcheckr, select Account Settings > AWS Credentials.

    The Use a Role for Cross-Account Access tab displays by default.

  4. Copy the external ID.
  5. Click the Launch CloudFormation Stack link.

    The AWS Management Console opens and displays the Select Template screen in the Create stack wizard.

    Under the Specify an Amazon S3 template URL, a link to the related template is provided.

  6. Click Next.

    cf02_SelectTemplate

    The Specify Details screen opens.

     

  7. In the ExternalID text field in the Parameters section, paste the external ID that you copied from Cloudcheckr, and click Next.

    cf03_PasteExternalId

    The Options screen opens.

  8. Modify the fields depending on your needs, and click Next.

    cf04_Options

    The Review screen opens.

  9. Select the I Acknowledge that AWS CloudFormation might create IAM resources check box and click Create.

    cf05_Acknowledge

  10. When the stack creation is complete, select the check box next to cloudcheckr-iam-stack, go to the Resources tab, and click IAM Role’s Physical ID. 
  11. Copy the Role ARN value and return to CloudCheckr.

    cf07_RoleARN

  12. In the AWS Role ARN text field, past the Role ARN value and click Update.

    cf08_ARNinCC

Your account will now be populated with proper AWS credentials that Cloudcheckr will continue to update with new permissions whenever new features are released.