Creating an AWS credential for audit event archiving using the CLI

To configure archiving, you must set up a credential for audit event archiving and then configure CDP.

You must have the cross-account role ARN obtained in the previous task to finish setting up an AWS credential for audit event archiving.
Complete this task before you configure audit archiving. The audit credential that you create here is not tied to an environment, and exists outside of any environment, like the control plane itself. The associated role / permissions require write access to the storage location, including the ability to create files and folders.

Required Role: PowerUser

  1. Use the following commands to create a new audit credential:
    cdp environments set-aws-audit-credential \
        --role-arn arn:aws:...
    The role-arn information was provided when you created an IAM role.
    You can view audit credentials with this command:
    cdp environments list-audit-credentials
  2. Make note of the credential name created by the command.
Proceed to Setting up audit archiving in AWS using the CLI to complete the audit archiving setup.