You want to grant Utoolity access to your AWS account(s) so that it is easier to assess configuration details, provide best-practice advice on security and cost governance, and of course implement, discuss, and optimize the collaboration goals in peering sessions down the road.
This requires an IAM role which (only) Utoolity can assume so that we can gain cross-account access to your AWS account. The IAM role in turn uses one or more managed IAM policies to govern which specific permissions are granted. To ease getting started, we will reuse the official arn:aws:iam::aws:policy/job-function/ViewOnlyAccess policy at first and can replace it with something more tailored as we go. To account for the use case at hand, the embedded 'CostAudit' and 'SecurityAudit' policies also need to be enabled via the respective parameters.
In order to provision this IAM role as infrastructure as code via an AWS CloudFormation template, you'll need to create a CloudFormation stack from our cross-account-access.yaml template with a name of your choosing:
To achieve this, you can either log into the AWS Management Console, switch to the AWS region where you want to create the stack, and then click on this partially pre-configured URL, or you can create a stack manually via one of the following approaches:
For the manual approach, when asked to "Specify an Amazon S3 template URL" on the console, please reference the URL of our cross-account-access.yaml template.
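Once the stack exists, you can confirm that the role's trust policy really limits sts:AssumeRole to the one intended account. The following check is an added example, not part of our template; the account IDs and both sample policy documents are constructed placeholders.

```python
EXPECTED_ACCOUNT = "111122223333"  # placeholder; use the account ID you were given

def principal_account(value):
    """Map '111122223333' or 'arn:aws:iam::111122223333:root' to the account ID."""
    parts = value.split(":")
    return parts[4] if value.startswith("arn:") and len(parts) >= 6 else value

def audit_trust_policy(policy, expected_account):
    """Return findings; an empty list means only expected_account may assume the role."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        if "NotPrincipal" in st:
            findings.append(f"statement {i}: Allow combined with NotPrincipal")
            continue
        principal = st.get("Principal") or {}
        if principal == "*":  # shorthand for "everyone"
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if kind != "AWS":
                    findings.append(f"statement {i}: non-account principal {kind}={value}")
                elif principal_account(value) != expected_account:
                    findings.append(f"statement {i}: unexpected principal {value}")
    return findings

# Constructed trust policy: a single trusted account, as intended.
GOOD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}

# Constructed trust policy: an extra account in one statement, a wildcard in another.
BAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                           "arn:aws:iam::444455556666:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc, EXPECTED_ACCOUNT) or "ok")
```

To check the deployed role, fetch its trust policy with `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and pass the parsed JSON to `audit_trust_policy`.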