Although CloudCheckr recommends that you use a cross-account role for greater security, your business may require you to create credentials using Amazon Web Services (AWS) Identity and Access Management (IAM) access keys.
IAM access keys are less secure than cross-account roles because you must create and manage multiple users and access keys, which require periodic rotation and are at risk of being shared or stolen.
This topic shows you how to create AWS credentials using IAM access keys by following these procedures in this order:
- create a policy or policies
- create a user group
- create an IAM user
Create a Policy or Policies
Go to the Create a Policy or Policies topic.
Create A User Group
CloudCheckr recommends that all IAM users belong to groups, so that permissions applied to a group are inherited automatically by the users in that group.
Log into the AWS Management Console.
From the AWS Services screen, select Security, Identity & Compliance > IAM.
From the dashboard, click Groups.
Click the Create New Group button.
Type a group name. We recommend naming the group CloudCheckr for easy identification. Click Next Step.
Attach your policy or policies and click Create Group.
Create An IAM User
Now you need to create an IAM user and generate an access key and secret key that will enable you to connect CloudCheckr to your AWS account.
From the dashboard, click Users.
Click the Add user button.
On the Add user screen:
- Type the username. We recommend CloudCheckr for easy identification.
- Select the Programmatic access check box to generate an access key ID and secret access key.
- Click Next: Permissions.
Click Add user to group and select the CloudCheckr group.
Click Next: Review.
Review your choices and click Create user.
Click Download .csv to save the security credentials as a .CSV export and click Close.
Return to CloudCheckr and copy the access key and secret access key into the corresponding fields.
Select the checkbox if this is an account from India managed by Amazon Internet Services Pvt. Ltd (AISPL).
The new IAM user is now properly assigned to your CloudCheckr group.
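Because the access key created above requires periodic rotation, the following check flags active keys that are past a rotation window. It is an added example, not CloudCheckr or AWS code: it reads an IAM credential report CSV, and the sample report, the `build-bot` user, the function name `stale_keys`, and the 90-day window are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation window; use your own policy value

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
CloudCheckr,arn:aws:iam::111122223333:user/CloudCheckr,true,2023-01-10T09:00:00+00:00,2024-05-30T12:00:00+00:00,false,N/A,N/A
build-bot,arn:aws:iam::111122223333:user/build-bot,true,2024-05-01T09:00:00+00:00,N/A,true,2023-11-01T09:00:00+00:00,2024-05-29T08:00:00+00:00
"""


def stale_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, key_slot, age_days, last_used) for each active access
    key whose last rotation is more than max_age_days before `now`."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):  # an IAM user can hold up to two access keys
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # inactive or absent key
            rotated = row.get(f"access_key_{slot}_last_rotated", "N/A")
            if rotated in ("", "N/A"):
                continue  # no rotation timestamp recorded
            age_days = (now - datetime.fromisoformat(rotated)).days
            if age_days > max_age_days:
                last_used = row.get(f"access_key_{slot}_last_used_date", "N/A")
                findings.append((row["user"], slot, age_days, last_used))
    return findings


if __name__ == "__main__":
    for user, slot, age, used in stale_keys(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(f"{user}: access key {slot} is {age} days old (last used: {used})")
```

To run it against a real account, replace `SAMPLE_REPORT` with the contents of the credential report downloaded from the IAM console.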
Create Cross-Account Role Using CloudFormation