search
Sign InAPIIntegrationsGitHub

CloudFormation

hashtag
Creating a CloudTruth Access IAM Role via CloudFormation

hashtag
Prerequisites

circle-info

CloudTruth provides the required External ID when marking an AWS integration as Pending.

hashtag
AWS CloudTruth Integration

Before running the CloudFormation stack, you'll need to create the AWS integration. The integration will sit in a pending state until the CloudFormation stack is created.

Log into CloudTruth and go to Integrations --> AWS

Click the blue Add AWS Account button.

Add in the following information:

  • AWS Account ID: The ID of your organizations AWS account

  • Role Name: The role name that you're going to use when running the CloudFormation template (coming up in the next section).

  • Select S3, Secrets Manager, and SSM Parameter Store for CloudTruth to have access to those services in AWS.

Copy the External ID from the pending CloudTruth AWS Integration. You'll use the External ID in the next section when running the CloudFormation stack.

hashtag
CloudFormation Stack Creation

The following AWS cli command will use the CloudFormation template to create an AWS Role providing CloudTruth AWS integration access with inline policies for S3, SSM, and Secrets Manager.

Execute the following aws cloudformation create-stackarrow-up-right command:

  • Update the EXTERNAL_ID_FROM_CLOUDTRUTH from the pending CloudTruth AWS account creation.

  • Update the integration AWS_INTEGRATION_ROLE_NAME value.

circle-exclamation

The AWS_INTEGRATION_ROLE_NAMEprovided must match the Role Name for the CloudTruth AWS account being created as outlined the screenshot below.

hashtag
CloudFormation Template Repo

LogoGitHub - cloudtruth/cloudformation-cloudtruth-accessGitHubchevron-right
PreviousAWS RoleNextTerrraform

Last updated

Was this helpful?