Microtica provisions infrastructure on your own AWS account. In order to enable Microtica to manage cloud resources, you need to connect your AWS account and grant the proper access permissions.
Microtica authenticates with your AWS account by using the AWS STS AssumeRole operation to generate temporary access tokens. The generated tokens are then used in every subsequent call to your account.
Connect your AWS account in two steps:
If you would like to establish access quickly, log in to your AWS account and follow this link.
The link will redirect you to the CloudFormation page and ask you for the External ID parameter. Enter some secret value in this field and remember it for later.
To create a cross-account role, you first need to log in to the AWS console. Follow the steps below to establish access between Microtica and your AWS account.
It’s a best practice to always follow the principle of least privilege. Start by giving Microtica the least privileges it needs, and then expand permissions as you see a need for that.
Once the role is properly configured in your AWS account, you can attach the account from the Microtica portal and start deploying infrastructure in the cloud. Go to Project Settings and choose the Integrations tab. There, select Cloud Accounts > Connect AWS.
Enter the necessary credentials to connect your AWS account:
Now, you are ready to automate and deploy your infrastructure on AWS.
To completely revoke Microtica access to your AWS account you just need to remove the previously created cross-account role. After that, Microtica will no longer have access to your cloud account.