Configuring AWS - Role

Allow TotalCloud access to your AWS account using an IAM Role. After syncing, you can add the permissions required for each workflow as inline policies within the role.

You can configure your AWS account on TotalCloud using either a Role or a Key.

Using a Role

1. Navigate to the accounts page in the TotalCloud app: https://app.totalcloud.io/accounts/aws/user

2. Click the Sync Account/Sync Another Account button.

3. Log in to your AWS console and navigate to IAM >> Roles.

4. Click on ‘Create Role’.

5. In the role creation screen, choose ‘Another AWS Account’.

6. Select the ‘Require external ID’ option. Copy the Account Number and External ID from the account sync panel in the TotalCloud application, paste them into the Account ID and External ID fields of the AWS role creation screen, and click ‘Next: Permissions’.

7. In the next window, attach a permission policy to the role. This is an important step. Without at least one valid policy, syncing the role with TotalCloud will fail. For starters, you could attach the ‘Read Only Access’ policy. This will enable TotalCloud to read your resources but not perform any action. Once attached, click ‘Next: Tags’.

8. The ‘Add Tags’ step is entirely optional. Once you’ve added your tags, click on ‘Next: Review’.

9. In the Review section, assign a role name and click ‘Create role’. Once this is done, the role is created and you will return to the roles section of IAM, where you can see the role that you just created.

10. Click on the newly created role, copy the Role ARN from the role summary, and paste it into the RoleARN field of the TotalCloud account sync form. Give the synced account a name and click Save.

11. You have synced your AWS account with TotalCloud.

To ensure seamless AWS integration, grant the IAM GetRole permission (iam:GetRole) to your Role. Alternatively, add the following as an Inline Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1580112979752",
            "Effect": "Allow",
            "Action": [
                "iam:getrole"
            ],
            "Resource": "*"
        }
    ]
}