To authenticate with your AWS account, you will need to grant AutoCloud read-only access to your resources.
Create a cross-account role
Generating a cross-account read-only role is the simplest and most secure way of authenticating with your AWS account. This role needs only the AWS managed policies "ReadOnlyAccess" and "SecurityAudit". You may use the AWS Console or Terraform to generate the Role ARN.
Use Terraform to generate Role ARN
Using Terraform to generate a Role ARN requires the following steps:
- Get your , which can be found in My Account.
- Head over to AutoCloud's .
- Get the Provision Instructions, then copy and paste them into your Terraform configuration.
- The following assets will be created:
  - aws_iam_role - The AWS IAM cross-account role
  - aws_iam_role_policy_attachment - Several AWS IAM role policy attachments linking the cross-account role to the specific permissions allotted
- Copy the Role ARN.
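Before handing the Role ARN over, you can check that the role carries only the two managed policies named above and trusts only the intended account. This is an added example, not AutoCloud's own code: it audits JSON shaped like the output of the IAM GetRole (`AssumeRolePolicyDocument`), ListAttachedRolePolicies and ListRolePolicies calls. The account ID `111122223333`, the external ID value and the function name `audit_role` are placeholders or assumptions, and the page does not say whether AutoCloud's trust policy uses an external ID.

```python
import json

# The two AWS managed policies the page says the role needs, and nothing else.
ALLOWED = {"arn:aws:iam::aws:policy/ReadOnlyAccess",
           "arn:aws:iam::aws:policy/SecurityAudit"}

# Constructed sample trust policy; the account ID and external ID are placeholders.
SAMPLE_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust, attached_arns, inline_names, trusted_account):
    """Return findings for a cross-account role; an empty list means it matches."""
    findings = []
    attached = set(attached_arns)
    if attached - ALLOWED:
        findings.append(f"unexpected managed policies: {sorted(attached - ALLOWED)}")
    if ALLOWED - attached:
        findings.append(f"missing managed policies: {sorted(ALLOWED - attached)}")
    if inline_names:
        findings.append(f"inline policies present: {sorted(inline_names)}")
    for stmt in _as_list(trust.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if _as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append(f"unexpected trust action: {stmt.get('Action')}")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"principal not limited to AWS accounts: {principal}")
            continue
        for p in _as_list(principal["AWS"]):
            parts = p.split(":")  # accepts a bare account ID or an IAM ARN
            account = parts[4] if len(parts) > 4 else p
            if account != trusted_account:
                findings.append(f"untrusted principal: {p}")
        # An external ID is general AWS guidance for third-party roles (assumption here).
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            findings.append("no sts:ExternalId condition on trust statement")
    return findings

if __name__ == "__main__":
    print(audit_role(SAMPLE_TRUST, ALLOWED, [], "111122223333"))
```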
Use AWS Console to generate Role ARN
Using the AWS Console to generate the Role ARN requires a few steps:
- After you've created a Visual Service Discovery, click on "Use AWS Console".
- You will be redirected to the following screen, where you will create a role with the name "AutoCloudReadOnlyAccess":
Connect an AWS account to AutoCloud
- Go to Service Discovery
- Click on "Create New" in the top right corner.
- Pick AWS as a provider.
- Name your account and add a description.
- Enter the Role ARN to give AutoCloud read-only access. The credentials will be saved and you will be authenticated.
- Select services and regions.
- A new version will be created.
- Click on to take a look at your cloud in the 3D Environment.