You want to grant Utoolity access to your AWS account(s) so that it will be easier to assess configuration details, assist with resp. best practice advise regarding security and cost governance, and of course implement/discuss/optimize the collaboration goals in peering sessions down the road.
...
To achieve this, you can either log into the AWS Management Console, switch to the AWS region were you want to create the stack, and then click on this partially pre-configured
URL, or you can create a stack manually via one of the following approaches:- Creating a Stack on the AWS CloudFormation Console
- Creating a Stack with the AWS Command Line Interface
For the manual approach, when asked to "Specify an Amazon S3 template URL" on the console, please reference the URL of our cross-account-access.yaml template.
For all approaches, please ignore the optional 'External ID' parameter, which is only required for advanced usage scenarios at scale (read more, if you are curious).
- Supply the following parameters:
- Stack name (rename as you see fit): cross-account-access-utoolity
- ID of trusted partner account (ask): <our collaboration account>
- (Optional) External ID (ignore):
- Grant cost audit permissions (review): true
- Grant security audit permissions (review): true
- Managed IAM policy ARNs (review): arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
- Require MFA (keep): true
- Finally you'll also need to acknowledge that the template creates IAM resources.
- The stack creates an output 'CrossAccountRoleArn' - please report this back to Utoolity so that we can assume the provisioned role to gain access to your AWS account based on the selected policy (i.e. likely ViewOnlyAccess right now, to be adjusted as we go).
...