
AWS cloud Integration – Create Role


1. The integration must be done through your root account so that cost data can be accessed. Linked accounts are brought in automatically.

2. In CleanCloud, click the cloud menu at the top right and select add. 

3. Select AWS and click Continue.

4. Type a name for your cloud and click on Continue.

5. Next, create the IAM policies that grant the permissions needed to integrate the AWS cloud with CleanCloud. To do this, on the CleanCloud panel click on View policy here.

6. Click the copy icon to copy the JSON of the AWS policy that will be created.

7. In a new browser tab, navigate to the IAM Management Policies page. Then select the Create policy button (Services > IAM > Policies > Create policy).

8. On the Create Policy page, paste the code copied in the previous step into the JSON tab. Click the Review policy button.

9. Type a name for the new policy and click the Create policy button.

10. Repeat the same process to create the second policy, the Billing policy, and include the name of the bucket you want to reference in the JSON. Then click on the Create Policy button.

After creating the two new policies, it is necessary to attach them to a new IAM role.

11. In a new browser tab, access your AWS console and go to the IAM Management Roles page. There, select the Create Role button (Services > IAM > Roles > Create Role).

12. Select Another AWS Account as the Trusted entity type.

13. Back at the CleanCloud page, copy the Account ID and paste it into the Account ID field on the AWS page. Select the Require External ID option, then copy the External ID from the CleanCloud page and paste it into the External ID field. Keep this page open for the next steps. Leave the Require MFA option unchecked and select Next: Permissions.

> CleanCloud page

> AWS page

14. On the Attach permissions policies screen, enter the name of the first policy created and select its checkbox. Repeat the process for the second policy, then click Next.

15. Leave this screen blank and select Next: Review. 

16. Type CleanCloudApp as the role name. A description is optional. Check that the two policies created previously are attached to the role and then click Create Role to finish.

17. Back on the Roles page, click on the newly created Role – CleanCloudApp – to access your data.

18. Copy the Role ARN from the AWS page and paste it into the ARN Role field on the CleanCloud page.

> AWS page

> CleanCloud page


You have completed the first part of the integration, congratulations! 
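
To confirm that the role created in steps 12 to 16 trusts only the Account ID from the CleanCloud page and requires the External ID, the trust policy can be audited offline. This is an added example, not CleanCloud's or AWS's own code; the function names, the account ID `111122223333` and the External ID `EXAMPLE-EXTERNAL-ID` are constructed placeholders, and the check assumes the `StringEquals` / `sts:ExternalId` form of the condition.

```python
import json

# Constructed sample of a trust policy for "Another AWS account" with
# "Require external ID" selected. Account ID and External ID are placeholders,
# not CleanCloud's real values; use the ones shown on your CleanCloud page.
SAMPLE_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}"""


def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, expected_account, expected_external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings = []
    statements = as_list(json.loads(policy_json)["Statement"])
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"unexpected principal: {principal!r}")
            continue
        for arn in as_list(principal["AWS"]):
            # Accept a bare account ID or an ARN such as arn:aws:iam::<id>:root
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account != expected_account:
                findings.append(f"unexpected principal: {arn!r}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        external_id = cond.get("sts:ExternalId")
        if external_id is None:
            findings.append("External ID not required")
        elif as_list(external_id) != [expected_external_id]:
            findings.append("External ID does not match")
    return findings


if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY, "111122223333", "EXAMPLE-EXTERNAL-ID"))
```

The policy text to audit is the role's trust relationship document, which `aws iam get-role --role-name CleanCloudApp` returns under `Role.AssumeRolePolicyDocument`.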
