AWS Account

To authenticate with your AWS account, you will need to grant AutoCloud read-only access to your resources.

Create a cross-account role

Generating a cross-account read-only role is the simplest and most secure way of authenticating with your AWS account. This role needs only the AWS-managed "ReadOnlyAccess" and "SecurityAudit" policies. You may use the AWS Console or Terraform to generate the Role ARN.

Use Terraform to generate Role ARN

Using Terraform to generate a Role ARN requires the following steps:

  1. Get your AutoCloud organization ID, which can be found in My Account.
  2. Head over to AutoCloud's AWS Terraform Module.
  3. Copy the Provision Instructions and paste them into your Terraform configuration.
  4. The following assets will be created:
    1. aws_iam_role - The AWS IAM cross-account role
    2. aws_iam_role_policy_attachment - Several AWS IAM policy role attachments linking the cross-account role to the specific permissions allotted
  5. Copy the Role ARN.

Use AWS Console to generate Role ARN

Using the AWS Console to generate the Role ARN requires a few steps:

  1. After you've created a Visual Service Discovery, click on "Use AWS Console".
  2. You will be redirected to a screen where you will create a role with the name "AutoCloudReadOnlyAccess".
  3. Copy the Role ARN.
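
Before entering the Role ARN in AutoCloud, you can check that the role matches what this page describes. The following is an added example, not AutoCloud's code: it audits a role's trust policy and attached policies offline. The account ID, external ID and sample policies are constructed placeholders, and the sts:ExternalId check is an assumption, since this page does not say how the organization ID is used.

```python
# Added example: offline audit of a cross-account read-only role.
ALLOWED = {  # the two AWS managed policies this page names
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/SecurityAudit",
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust, attached, inline, account, external_id):
    """Return findings; an empty list means the role matches expectations."""
    findings = [f"unexpected managed policy: {a}" for a in sorted(set(attached) - ALLOWED)]
    findings += [f"missing managed policy: {a}" for a in sorted(ALLOWED - set(attached))]
    findings += [f"inline policy present: {n}" for n in inline]
    expected = {account, f"arn:aws:iam::{account}:root"}
    for stmt in as_list(trust.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. "Principal": "*"
            findings.append(f"unexpected trusted principal: {principal}")
            continue
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS" or p not in expected:
                    findings.append(f"unexpected trusted principal: {kind}={p}")
        # Assumption: the trust policy pins an external ID (not stated on this page).
        cond = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if as_list(cond) != [external_id]:
            findings.append("sts:ExternalId condition missing or different")
    return findings

# Constructed sample data (placeholder account ID and external ID).
ACCOUNT, EXTERNAL_ID = "111122223333", "example-external-id"
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]}
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}

if __name__ == "__main__":
    print(audit_role(GOOD_TRUST, sorted(ALLOWED), [], ACCOUNT, EXTERNAL_ID))
    bad_attached = sorted(ALLOWED) + ["arn:aws:iam::aws:policy/AdministratorAccess"]
    for finding in audit_role(BAD_TRUST, bad_attached, [], ACCOUNT, EXTERNAL_ID):
        print("FINDING:", finding)
```

To run it against a real role, pass the trust policy returned by `aws iam get-role`, the ARNs from `aws iam list-attached-role-policies`, and the names from `aws iam list-role-policies`.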

Connect an AWS account to AutoCloud

  1. Go to Service Discovery
  2. Click on "Create New" in the top right corner.
  3. Pick AWS as a provider.
  4. Name your account and add a description.
  5. Enter Role ARN to give AutoCloud read-only access. The credentials will be saved and you will be authenticated.
  7. Select services and regions.
  8. A new version will be created.
  9. Click on View to take a look at your cloud in the 3D Environment.