Setting up an AWS credential for audit event archiving using the CLI

To configure archiving, you must set up a credential for audit event archiving and then configure CDP.

You must have set up an AWS policy in AWS IAM and received a cross-account role ARN to finish setting up an AWS credential for audit event archiving.
Complete this task before you configure audit archiving. The audit credential that you create here is not tied to an environment, and exists outside of any environment, like the control plane itself. The associated role / permissions require only write access to the storage location, including the ability to create files and folders.
  1. Use the following commands to create a new credential.
    cdp environments set-aws-audit-credential \
        --role-arn arn:aws:...
    The role-arn information was provided when you created an IAM role.
    You can view audit credentials with this command:
    cdp environments list-audit-credentials
  2. Make note of the credential name created by the command.