You want to grant Utoolity access to your AWS account(s) so that it will be easier to assess configuration details, assist with resp. best practice advise regarding security and cost governance, and of course implement/discuss/optimize the collaboration goals in peering sessions down the road.
In order to provision this IAM role as infrastructure as code via an AWS CloudFormation template, you'll need to create a CloudFormation stack from our cross-account-access.yaml template with a name of your choosing:
To achieve this, you can either log into the AWS Management Console, switch to the AWS region were you want to create the stack, and then click on this partially pre-configured
URL, or you can create a stack manually via one of the following approaches:
For the manual approach, when asked to "Specify an Amazon S3 template URL" on the console, please reference the URL of our cross-account-access.yaml template. For all approaches, please ignore the optional 'External ID' parameter, which is only required for advanced usage scenarios at scale (read more, if you are curious).
Supply the following parameters:
Stack name (rename as you see fit): cross-account-access-utoolity
ID of trusted partner account (ask): <our collaboration account>
(Optional) External ID (ignore):
Grant cost audit permissions (review): true
Grant security audit permissions (review): true
Managed IAM policy ARNs (review): arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
Require MFA (keep): true
Finally you'll also need to acknowledge that the template creates IAM resources.
The stack creates an output 'CrossAccountRoleArn' - please report this back to Utoolity so that we can assume the provisioned role to gain access to your AWS account based on the selected policy (i.e. likely ViewOnlyAccess right now, to be adjusted as we go).