To authenticate with your AWS account, you will need to grant AutoCloud read-only access to your resources.
Generating a cross-account read-only role is the simplest and most secure way of authenticating with your AWS account. This role will need the AWS owned "ReadOnlyAccess" permissions only. You may use AWS Console or Terraform to generate the Role ARN.
Using Terraform to generate a Role ARN will require the next steps:
- Get your AutoCloud organization ID, which can be found in My Account.
- Head over to AutoCloud's AWS Terraform Module.
- Get the Provision Instructions, copy and paste into your Terraform configuration.
- The following assets will be created:
- aws_iam_role - The AWS IAM cross-account role
- aws_iam_role_policy_attachment - Several AWS IAM policy role attachments linking the cross-account role to the specific permissions allotted
- Copy the Role ARN.
Using AWS Console will require a few steps:
- After you've created an AWS Service Discovery, click on "USE CLOUDFORMATION".
2. Login to AWS if you haven't done that already.
3. In AWS Console, confirm the creation of the Cloudformation stack. This will create a read-only access role, named "AutocloudReadOnly".
4. Wait for the CloudFormation stack to finish. This should take no more than a couple of minutes.
5. Copy the new role ARN from CloudFormation stack outputs.
7. Add the ARN following the steps below.
- Go to Accounts
- Click on "Create New" in the top right corner.
- Pick AWS as a provider.
- Name your account and add a description.
5. Enter Role ARN to give AutoCloud read-only access. The credentials will be saved and you will be authenticated.
6. Select services and regions.
8. A new version will be created.
9. Click on View to take a look at your cloud in the Environment Explorer