Create AWS cloud credential

Cloud account is sometimes called as cloud credential. You need to initiate cloud credentials to access some information from your cloud resources. For example, Amazon Web Services (AWS), requires access keys and secret keys, Azure requires app registration, GCP requires service account.

To create AWS cloud credential, we need to setup and collect the following information:

AWS Cloud Credential parameters

  • Account ID
  • Access key / Secret key

AWS Cloud Credential's policy

  • Cloud Expense: Cost & Billing policy, Report Name (Cost & Usage report)
  • Cloud Safe: Security Auditing policy
  • Cloud Automation: Resource policy

1. Create AWS Cloud Credential

Creating IAM user

Click link to Sign In:

Click to AWS IAM console to create IAM user with name CloudSuite_{application} or any name that you want (eg. CloudSuite_expense)

Select Programmatic access to avoid any unexpected access from Console.

Add tag to user (optional)

  • Owner: your_account (eg. hadd7)
  • Purpose: CloudSuite_{Application}_Credential (eg. CloudSuite-Credential)

2. Attach the policy

We provide you the policy of Cloud Credential according to the least privileges to avoid any security issue.

Cloud Apps Policy
Cloud SafeSecurityAudit, CloudSafeCustomPolicy
Cloud ExpenseCostExpenseCustomPolicyv2
Cloud Automation ReadOnlyAccess or associated permissions depending on the templates that you use

Attach the AWS pre-defined policies which is associated with your application such as Security Audit of Cloud Safe, Read-Only of Cloud Expense, Administrator of Cloud Ops.

Attach added custom policy which is associated with your application by downloading the policy and paste to the inline policy

3. Copy AWS access key, secret key, account ID and report name

Access Key / Secret Key

Account ID

Report Name

Refer to this link for the Billing report configuration:

4. Adding Cloud Account with parameters

Go to the Cloud Identity and register Cloud Credential:

  • Account ID: *********
  • AWS Access KeyAKIA2********
  • AWS Secret Key4gBFu**************
  • Report Name (or without Report Name with AWS Normal Account option)

Leave a Reply