Prepare Your AWS Account

Before CloudCheckr can begin to monitor your AWS environment, you must configure CloudCheckr and AWS so that they can exchange data.

A cross-account role is the IAM identity that lets you establish that connection between CloudCheckr and AWS.

When you assume a cross-account role, AWS provides temporary credentials for that session—reducing the possibility of unauthorized access. More importantly, a cross-account role allows you to access resources from different AWS accounts without the need to sign in and out of each account.

There are two ways to create a cross-account role; which method you choose determines the remaining steps in your account preparation.

In this topic, you will:

  • review the two ways you can create a cross-account role
  • choose your method for cross-account role creation
  • complete your account preparation based on your chosen method


  1. Review the pros and cons of each method and decide which one works best for your deployment:




    Create Manually

    • best if you are less technical/new to AWS
    • you can tailor each policy to fit your needs
    • best if you don't have access to all modules
    • you must create a cross-account role and policies separately
    • you must manually update each policy any time CloudCheckr makes changes

    Create Using CloudFormation

    • recommended by CloudCheckr
    • the template creates your cross-account role and policies automatically in one step
    • requires some familiarity with CloudFormation and AWS environment
    • your policies are limited to 6,144 characters
  2. Click the button associated with your chosen method and follow the instructions to complete your account preparation:

How did we do?