Create a role-based credential

Create a role-based credential referencing the IAM role created earlier. This can be done from the CDP web interface or CDP CLI.

Before you begin

These steps assume that you have the ARN of the IAM role that you created in the Create a cross-account IAM role step. You can obtain the IAM Role ARN from the IAM console > Roles on AWS by selecting a role and clicking on your IAM role to navigate to its summary and then copying the Role ARN:

Steps - CDP web interface

  1. Log in to the CDP web interface.
  2. In the Management Console, navigate to Environments > Shared Resources > Credentials:
  3. Click Create Credential.
  4. Select AWS to access credential options for Amazon Web Services.
  5. Provide the following information:
    Parameter Description
    Select Credential Type Select Role Based (default value).
    Name Enter a name for your credential.
    Description (Optional) Enter a description.
    Enable Permission Verification Activate the Enable Permission Verification button if you want CDP to check permissions for your credential. CDP will verify that you have the required permissions for your environment.
    IAM Role ARN Paste the IAM Role ARN corresponding to the “CredentialRole” that you created earlier. For example arn:aws:iam::315627065446:role/CredentialRole is a valid IAM Role ARN.
  6. Click Create.
  7. Your credential should now be displayed in the Credentials pane.

Steps - CDP CLI

  1. You have three options:
    1. (The simplest option) In CDP CLI, use the following command to create a credential:
      cdp environments create-aws-credential \
      --credential-name <value> --role-arn <value>
    2. Alternatively, you can provide the credential information in the CDP web interface > Management Console > Environments > Shared Resources > Credentials > Create Credential and then click on SHOW CLI COMMAND and copy the JSON snippet. Next, save the JSON in a text file and use the following command to create a credential:
      cdp environments create-aws-credential --cli-input-json <value>
    3. Alternatively, you can use the following commands: Use the first command to obtain the JSON snipped, then provide the missing information, and then use the second command to create the credential:
      cdp environments create-aws-credential --generate-cli-skeleton
      cdp environments create-aws-credential --cli-input-json <value>

After you finish

Now that you have created the credential, you can use it to register your AWS environment.