Using IAM Role (Recommended)

Owned by Daria Lebedeva
Last updated: Nov 18, 2024
3 min read

This article explains how to add AWS accounts to Cloudaware using an AWS IAM role. Ensure you have the necessary permissions in AWS.

 

  1. Log in to Cloudaware account → Admin.

new admin.png

  1. Find Amazon Organizations & Accounts. Click +N Configured → +ADD AMAZON ACCOUNT:

admin - add aws account.png

  1. Type AWS account name in the form. Select 'AWS IAM role' as authentication type.

a. Select AWS Partition:

b. Generate External ID:

Copy and save External ID required for Cloudaware IAM Role creation in AWS console.

c. Select the option for CloudFormation stack creation:

Quick launch

Manual creation

Quick launch

Manual creation

This option allows launching AWS CloudFormation stack with a pre-generated Cloudaware template. Click Launch Stack to be redirected to AWS Console:

 

This option allows the manual creation of AWS CloudFormation stack. Click Template to download* the CloudFormation template:

*Download populated with account data - the template will contain your AWS Account data auto-populated, e.g. billing buckets
Download with placeholders - the template will contain placeholders that need to be populated with AWS accounts data

4. Log in to AWS console:

Quick launch

Manual creation

Quick launch

Manual creation

Note that Amazon S3 URL is pre-selected as Template source. The URL for Cloudaware template is auto-populated. Click Next.

 

Go to All Services → the section 'Management & Governance' → CloudFormation. 

Click Create Stack → With new resources (standard).

Select Upload a template file → click Choose file* to upload the template. Click Next.

* - upload the Cloudaware template.

5. Specify stack details:

a. Provide Stack name (or leave it as is, e.g. cloudaware-iam-role-stack)

b. Fill in Parameters:

WHERE

CloudAware Role ARN: leave it as is

CloudAware Role Name: replace auto-generate with a meaningful name, e.g. Cloudaware_Role

External ID: paste External ID generated in the Cloudaware console (see step 3.b)

c. In the section 'Policies', select preferable features. Click Next.

6. Set up tags and permissions, stack failure options, and advanced options if necessary. Click Next.

7. Review the stack details. Check the box I acknowledge that AWS CloudFormation might create IAM resources with custom names. Click Submit.

Please allow some time for the stack to be created.

8. Open the tab 'Outputs' for the created stack. Copy the IAM Role ARN value.

9. Go back to Cloudaware. Paste Role ARN in the form. Click Check:

Once validation is passed, click Save.

Â