Step 1) Create a CDP credential

In the CDP console, the first step is to create a CDP credential. The CDP credential is the mechanism that allows CDP to create resources inside of your cloud account.

  1. From the CDP home screen, click the Management Console icon.
  2. In the CDP Management Console, navigate to Environments > Shared Resources > Credentials and then click Create Credential.
  3. Click the Copy icon to the right of the Create Cross-account Access Policy text box.
  4. In a second browser tab, open the AWS Console and navigate to Identity and Access Management > Policies. Click Create Policy.

  5. Click on the JSON tab and paste the access policy in the text box.
  6. Click Review Policy.
  7. Give the policy a unique name and a description.
  8. Click Create Policy.
    Next, you create the required cross-account role.
  9. In the AWS console, navigate back to Identity and Access Management.
  10. Click Roles > Create Role.
  11. Under Select type of trusted entity, select Another AWS account.
  12. Return to the CDP Management Console and copy the contents of the Service Manager Account ID field on the Credentials page.
  13. In the AWS console, paste the Service Manager Account ID into the Account ID field.
  14. Return to the CDP Management Console and copy the contents of the External ID field on the Credentials page.
  15. In the AWS console, paste the External ID into the External ID field.
  16. Click Permissions and select the checkbox next to the name of the policy that you created in Step 8.
  17. Click Next: Tags.
  18. Click Next: Review.
  19. Give the role a unique name and description, then click Create Role.
  20. Still in the role page of the AWS console, search for the role you just created, and click on it.
  21. Copy the Role ARN at the top of the Summary page.

  22. Return to the Credentials page in the CDP Management Console.
  23. Give the CDP credential a name and description. The name can be any valid name.
  24. Paste the Role ARN that you copied from the AWS console into the Cross-account Role ARN field, then click Create.

    Now that you've created a cross-account role, proceed to creating a CDP environment.