Create a provisioning credential for AWS

Create a role-based credential referencing the IAM role created earlier. This can be done from the CDP web interface or CDP CLI.

Before you begin

Prior to performing these steps. you should create a cross-account role. See Cross-account access IAM role.

These steps assume that you have the ARN of the IAM role that you created in an earlier step. You can obtain the IAM Role ARN from the IAM console > Roles on AWS by selecting a role and clicking on your IAM role to navigate to its summary and then copying the Role ARN:

Required role: EnvironmentCreator


  1. Log in to the CDP web interface.
  2. Navigate to the Management Console.
  3. Select Shared Resources > Credentials from the navigation pane.
  4. Click Create Credential.
  5. Select AWS to access credential options for Amazon Web Services.
  6. Provide the following information:
    Parameter Description
    Select Credential Type Select Role Based (default value).
    Name Enter a name for your credential.
    Description (Optional) Enter a description.
    Enable Permission Verification Activate the Enable Permission Verification button if you want CDP to check permissions for your credential. CDP will verify that you have the required permissions for your environment.
    IAM Role ARN Paste the IAM Role ARN corresponding to the “CredentialRole” that you created earlier. For example arn:aws:iam::315627065446:role/CredentialRole is a valid IAM Role ARN.
  7. Click Create.
  8. Your credential should now be displayed in the Credentials pane.
  1. You have three options:
    1. (The simplest option) In CDP CLI, use the following command to create a credential:
      cdp environments create-aws-credential \
      --credential-name <value> --role-arn <value>
    2. Alternatively, you can provide the credential information in the CDP web interface > Management Console > Environments > Shared Resources > Credentials > Create Credential and then click on SHOW CLI COMMAND and copy the JSON snippet. Next, save the JSON in a text file and use the following command to create a credential:
      cdp environments create-aws-credential --cli-input-json <value>
    3. Alternatively, you can use the following commands: Use the first command to obtain the JSON snipped, then provide the missing information, and then use the second command to create the credential:
      cdp environments create-aws-credential --generate-cli-skeleton
      cdp environments create-aws-credential --cli-input-json <value>

After you finish

Now that you have created the credential, you can use it to register your AWS environment.