Create a provisioning credential for AWS
Create a role-based credential referencing the IAM role created earlier. This can be done from the CDP web interface or CDP CLI.
Before you begin
Prior to performing these steps. you should create a cross-account role. See Cross-account access IAM role.
These steps assume that you have the ARN of the IAM role that you created in an earlier step. You can obtain the IAM Role ARN from the IAM console > Roles on AWS by selecting a role and clicking on your IAM role to navigate to its summary and then copying the Role ARN:
Required role: EnvironmentCreator
- Log in to the CDP web interface.
- Navigate to the Management Console.
- Select Shared Resources > Credentials from the navigation pane.
- Click Create Credential.
- Select AWS to access credential options for Amazon Web Services.
- Provide the following information:
Parameter Description Select Credential Type Select Role Based (default value). Name Enter a name for your credential. Description (Optional) Enter a description. Enable Permission Verification Activate the Enable Permission Verification button if you want CDP to check permissions for your credential. CDP will verify that you have the required permissions for your environment. IAM Role ARN Paste the IAM Role ARN corresponding to the “CredentialRole” that you created earlier. For example
arn:aws:iam::315627065446:role/CredentialRoleis a valid IAM Role ARN.
- Click Create.
- Your credential should now be displayed in the Credentials pane.
- You have three options:
- (The simplest option) In CDP CLI, use the following command to create a
cdp environments create-aws-credential \ --credential-name <value> --role-arn <value>
- Alternatively, you can provide the credential information in the CDP web interface
> Management Console > Environments > Shared Resources > Credentials > Create
Credential and then click on SHOW CLI COMMAND and copy the JSON
snippet. Next, save the JSON in a text file and use the following command to create
cdp environments create-aws-credential --cli-input-json <value>
- Alternatively, you can use the following commands: Use the first command to
obtain the JSON snipped, then provide the missing information, and then
use the second command to create the
cdp environments create-aws-credential --generate-cli-skeleton cdp environments create-aws-credential --cli-input-json <value>
- (The simplest option) In CDP CLI, use the following command to create a credential:
After you finish
Now that you have created the credential, you can use it to register your AWS environment.