IAM Grant Access to Imagicloud

The first step for us to help you is granting our IAM account access to your accounts.

To achieve this you must add an IAM role in each account to which we will require access with a trust relationship with our IAM account.

If you already have Terraform working we have a module we can supply to you which will deploy the necessary changes, drop us a message and we’ll send it over to you.

Login to the AWS Account

To get started, login to the first account to which you wish to grant access. You will need to repeat the process for each additional account.

Once you have logged in, click the ‘Services’ menu in the top left and search for “iam”.

Create IAM Role

Once you have reached the IAM section you should use the left hand menu and select ‘Roles’.

You will find any existing roles contained within the account listed here, if this is a new account it is likely this list will be empty.

Select ‘Create Role’ which appears above the list and is shown in blue above.

Select ‘Another AWS Account’ for ‘Select type of trusted entity’.

Enter the Imagicloud IAM account number which will have been sent to you by email.

It is up to you whether you tick ‘Require MFA’ or not, we enforce it within our IAM account in any case.

If you choose to set ‘Require external ID’ please ensure you share this with us so that we are able to connect. We would prefer it not to be set as we have other control measures in place internally.

When ready, click Next which can be found at the bottom right of the screen.

Next you will be asked which policy should be attached to this role, please tick ‘AdministratorAccess’ and proceed to the next page.

There is an intermediate page not shown in this documentation where you can optionally add tags – if we are setting up your accounts and environments we will take care of this for you at a later stage.

Name the role ‘ImagicloudAccessRole’ and then click ‘Create Role’. Once you have completed this step you should now have successfully granted the Imagicloud AWS account access to your AWS account.

You will need to repeat this process for each additional account to which we will require access.

Provide Details to Imagicloud

Once you’ve configured access please notify us via your account manager or architect.

We will be needing:

  1. The account numbers
  2. The role name (ImagicloudAccessRole)
  3. The external ID of each account if you chose to set one
  4. The use purpose of the account if it is not new