Creating an AWS External Cloud Account

A Cloud Account is a cloud environment that Configuration Manager monitors. For more information about monitoring Cloud Accounts, see Getting Started with Configuration Manager.

The AWS External account type uses a role in the customer's AWS account that grants Tripwire.io permission to assume the role directly. For more information on how this role type works, see the AWS documentation on External ID.

Since this role requires some information from Tripwire.io, the simplest way to create the role is to use our "Launch Stack" CloudFormation template, which populates all of this information.

  1. In Configuration Manager, navigate to Environment > Cloud Accounts and click New.

  2. In the New Cloud Account pane, enter a Name and Description to identify this account.

  3. Select AWS External as the account Type and select a Region.

  4. To enable Configuration Manager to remediate systems on this account, check Include write permissions for remediation. Otherwise, CM will only have read-only access.

  5. Click Launch Stack to open the CloudFormation template in the AWS console (after signing in).

    Do not close the Tripwire.io tab/window.

  6. On the CloudFormation create stack page, select the IAM resource acknowledgement checkbox and click Create stack.

  7. On the newly created stack page in the AWS console, wait until the stack's status is CREATE_COMPLETE.

    Tip: Creating the stack should take less than a minute, but you can refresh the table to update the status.

  8. Once the stack is created, click the Outputs tab.

  9. Select the value of RoleARN and copy it to the clipboard.

  10. Back in Configuration Manager, paste the copied value into the Role ARN field.

  11. Click Save to create the new cloud account.
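Before pasting the Role ARN, you can confirm that the role's trust policy names only the expected principal and requires an External ID. The following is an added example, not Tripwire code. The function names, account ID and external ID are constructed placeholders; the real values are the ones the Launch Stack template populated.

```python
import json

def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for p in aws:
            if p != expected_principal:
                findings.append(f"statement {i}: unexpected principal {p!r}")
        # Collect sts:ExternalId values; condition key names are case-insensitive.
        ext_ids = [v
                   for op, keys in stmt.get("Condition", {}).items() if op == "StringEquals"
                   for k, vals in keys.items() if k.lower() == "sts:externalid"
                   for v in _as_list(vals)]
        # Only cross-account (AWS principal) trust needs an External ID.
        if aws and not (ext_ids and all(ext_ids)):
            findings.append(f"statement {i}: cross-account trust without sts:ExternalId")
    return findings

# Constructed sample data: placeholder account ID and external ID, not Tripwire.io values.
EXPECTED = "arn:aws:iam::111122223333:root"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}""")
BAD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["sts:AssumeRole"]}]}""")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc, EXPECTED) or "ok")
```

To check the role the stack created, load the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and pass it in with the principal shown in the template.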