AWS cloud Integration – Create Role
1.Integration must be done through your root account to access cost data. Don’t worry, linked accounts are automatically brought.
2.In CleanCloud, click the cloud menu at the top right and select add.
3.Select AWS and Continue
4.Type a name for your cloud. It’s optional to put description. Click on Continue.
5.In a new browser tab, access your AWS console and go to IAM Management Roles page. There, select the Create Role button. (Services > IAM > Roles > Create Role)
6.Click another AWS Account as Trusted entity type.
7.Back at the CleanCloud page, copy the Account ID and past it into the AWS page in the Account ID field. Select the Require External ID option and copy the External ID from the CleanCloud page and past it into the External ID option. Keep this page open for the next steps. Leave the Require MFA option unchecked and select Next: Permissions
8.In the permissions policy search bar, type “ReadOnlyAccess” and check the option with that exact name to give permission to this policy only and click Next.
9.Leave this screen blank and select Next: Review.
10.Type CleanCloudApp as the Role name. The description is optional. Finally, click on Create Role to finish.
11.Back to the Role page, click on the newly created Role – CleanCloudApp – to access your data.
12.Copy the ARN Role from the AWS page and paste it on the ARN Role on the CleanCloud page.