This page explains how to register an AWS account with Cloud Automator using an IAM role. Cloud Automator uses the registered credential information to access your AWS resources and automate operations.
The procedure for registering an AWS account using an IAM role, which involves both Cloud Automator and the AWS Management Console, is as follows.
- Start the AWS account registration process in Cloud Automator.
- In the AWS Management Console, create the "CloudFormation stack" for the "Cloud Automator designated IAM role" in your AWS account.
- Wait for the CloudFormation stack creation to complete; the IAM role is created along with it.
- Go back to Cloud Automator and enter the information for the created IAM role.
- Complete the AWS account registration in Cloud Automator.
Registering one AWS account with Cloud Automator requires the following new resources in your AWS account.
- One CloudFormation stack
- One IAM role
These items are created during the procedure below, so you do not need to create them beforehand.
Please note that these two resources are required for each AWS account registered in Cloud Automator. An existing CloudFormation stack and IAM role cannot be reused.
Basically, only an IAM role ARN created through the "Create IAM Role" button can be registered. If you close the window before registration, or try to reuse an IAM role that was created earlier, that role cannot be used; you need to create a new IAM role.
Register AWS account credential information
- When you open the "Add Group" page in Cloud Automator, the "Group information" form is shown. Enter "Group Name" and "Group Color", then press the "Add AWS Account" button.
- The "Add AWS Account (IAM Role)" window opens. Press the "Create IAM Role" button at STEP1 to open the AWS Management Console. (It opens in a new window or a new tab.)
Please note that if you close the "Add AWS Account" dialogue, you need to create a new IAM role by pressing the "Create IAM Role" button again.
- The "Quick create stack" page of the AWS Management Console is shown. If you are not signed in to the AWS Management Console, the sign-in screen is shown first, so please sign in.
Please try not to change the name in the "Stack name" field. If you change the "Stack name", we cannot automatically recognize which CloudFormation stack corresponds to which AWS account in Cloud Automator. Therefore, if you want to change the "Stack name", be sure you know which AWS account in Cloud Automator corresponds to that stack.
Check the check-box for "I acknowledge that AWS CloudFormation might create IAM resources." at the lower part of the Quick create stack page and press the "Create stack" button.
- CloudFormation stack creation begins. It usually takes about 2-3 minutes to complete, after which the status shows "CREATE_COMPLETE".
- When the CloudFormation stack creation is completed, press the "Outputs" tab and copy the "value" for the "ARN" key.
After you copy the ARN value, you can close the AWS Management Console.
- Go back to Cloud Automator, paste the copied value into the "IAM Role ARN" field, and enter a name of your choice in the "Name" field. Then press the "Add AWS Account" button.
Once access to the AWS account has been completed successfully, the AWS account for "IAM Role" is shown in the list.
At this stage, creation of the group is not yet completed and the AWS account is only in the "temporarily registered" state. To complete creation of the group, press the "Add" button.
If you close the page without pressing the "Add" button, the temporarily registered AWS account information will be lost. In addition, the CloudFormation stack and the IAM role created in your AWS account will remain.
With this procedure, the registration of AWS account credentials is completed. As a next step, try adding a tag to the EC2 instance that you want to back up.
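The "Outputs" step above can also be checked from a script before the value is pasted into Cloud Automator. The following is an added example, not part of Cloud Automator or its CloudFormation template: it takes the JSON printed by `aws cloudformation describe-stacks`, confirms the stack is in "CREATE_COMPLETE", reads the "ARN" output, and verifies that it is an IAM role ARN in the same account as the stack. The stack name, role name and account ID in the sample are constructed placeholders.

```python
import json
import re

# IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<optional path/><name>
ROLE_ARN = re.compile(r"arn:(?:aws|aws-cn|aws-us-gov):iam::(\d{12}):role/[\w+=,.@/-]+", re.ASCII)

# Constructed sample of `describe-stacks` output; every name and ID is a placeholder.
SAMPLE = json.dumps({"Stacks": [{
    "StackName": "example-cloudautomator-stack",
    "StackId": "arn:aws:cloudformation:ap-northeast-1:123456789012:stack/"
               "example-cloudautomator-stack/00000000-0000-0000-0000-000000000000",
    "StackStatus": "CREATE_COMPLETE",
    "Outputs": [{"OutputKey": "ARN",
                 "OutputValue": "arn:aws:iam::123456789012:role/example-cloudautomator-role"}],
}]})


def role_arn_from_stack(describe_stacks_json, output_key="ARN"):
    """Return the role ARN to paste into Cloud Automator, or raise ValueError."""
    stacks = json.loads(describe_stacks_json).get("Stacks", [])
    if len(stacks) != 1:
        raise ValueError(f"expected exactly one stack, got {len(stacks)}")
    stack = stacks[0]
    # Outputs are only final once creation has finished.
    if stack.get("StackStatus") != "CREATE_COMPLETE":
        raise ValueError(f"stack is {stack.get('StackStatus')}, not CREATE_COMPLETE")
    values = [o.get("OutputValue", "") for o in stack.get("Outputs", [])
              if o.get("OutputKey") == output_key]
    if len(values) != 1:
        raise ValueError(f"expected one '{output_key}' output, found {len(values)}")
    arn = values[0].strip()
    match = ROLE_ARN.fullmatch(arn)
    if match is None:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    # StackId is arn:<partition>:cloudformation:<region>:<account>:stack/...
    stack_account = stack.get("StackId", "").split(":")[4:5]
    if stack_account != [match.group(1)]:
        raise ValueError("role ARN account does not match the stack's account")
    return arn


if __name__ == "__main__":
    print(role_arn_from_stack(SAMPLE))
```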
(Supplement) Caution for deleting AWS account
When you delete an AWS account from Cloud Automator, the CloudFormation stack and the IAM role created in your AWS account are not deleted automatically.
You can check the corresponding CloudFormation stack name by pressing the "Edit" button for the AWS account you want to delete on the Group edit page.
Using this name, delete the CloudFormation stack in the AWS Management Console. (The IAM role is deleted automatically when you delete the CloudFormation stack.)