This guide will walk you through the process of setting up cross-account access between your AWS account and the Firetiger AWS account (975050257559). This allows Firetiger to access resources in your AWS account in a secure and controlled manner.
Provision a standalone AWS sub-account in your AWS Organization for Firetiger. This account should not host unrelated workloads.
After granting Firetiger the deployment role, avoid modifying account-wide settings or Firetiger-managed resources without coordination. Contact your Firetiger Solutions Engineer to discuss changes.
Follow this link to create an account on the AWS console:
https://us-east-1.console.aws.amazon.com/organizations/v2/home/accounts
Click “Add an AWS account”, then follow the steps to create a new account to deploy Firetiger in:
We've created a CloudFormation template to automatically provision the required permissions in your AWS account.
Step 1: Save the following as firetiger-bootstrap.json:
{
"Resources": {
"CrossAccountAccessForFiretiger": {
"Type": "AWS::IAM::Role",
"DeletionPolicy": "Retain",
"Properties": {
"RoleName": "CrossAccountAccessForFiretiger",
"Description": "Allows full administrative access from the Firetiger account",
"ManagedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": ["arn:aws:iam::975050257559:root"]
},
"Action": ["sts:AssumeRole"]
}
]
}
}
}
},
"Outputs": {
"RoleARN": {
"Description": "ARN of the CrossAccountAccessForFiretiger role",
"Value": {
"Fn::GetAtt": ["CrossAccountAccessForFiretiger", "Arn"]
}
}
}
}