Configure Role ARN credentials

Configure Role ARN Credentials

To give third-party services like Code Pipes access to your AWS resources, you can set up Role ARN credentials. This allows Code Pipes to manage your AWS account and deploy infrastructure within your AWS cloud. Follow the steps below to configure Role ARN credentials:

Overview

The basic steps to configure Role ARN credentials are:

  1. Create a new IAM role in your AWS IAM console and copy the Role ARN.
  2. Register the Role ARN with Code Pipes using either the Code Pipes UI or the Code Pipes CLI.

Before You Begin

Before you begin configuring Role ARN credentials, make sure you have the following information:

  • Ollion Account ID: 303665096113
  • Ollion organization ID: You can obtain this from either the Code Pipes UI or the Code Pipes CLI.

To obtain the organization ID from the Code Pipes UI, follow these steps:

  1. Log into the Code Pipes UI.
  2. Look at the address bar in your browser. It should resemble the following format: <base-url>/org/addc0964-cf4f-4e24-8e98-38a05588c0ba.
  3. In this example, the organization ID is addc0964-cf4f-4e24-8e98-38a05588c0ba.

Create IAM Role

Follow the steps below to create an IAM role for Code Pipes in your AWS IAM console:

  1. Go to the AWS IAM console.
  2. Click on "Roles" in the left navigation menu.
  3. Click the "Create role" button.
  4. Select "Another AWS account" as the type of trusted entity.
  5. Fill in the following fields:
    • Account ID: Enter the Code Pipes account ID. In this case, it is the Ollion Account ID: 303665096113.
    • External ID: Enter your Code Pipes organization ID.
    • Permissions: Assign the necessary permissions to the role. Ensure that the role has sufficient access to deploy and manage your Terraform infrastructure in AWS.
  6. Click "Next" and follow the prompts to complete the role creation process.

Note: Make sure the role you create is not for an AWS account owner with Administrator permissions. AWS account owner sessions have a maximum duration of 3,600 seconds (one hour). Pipelines running longer than one hour may fail due to access expiration.

Once you have created the IAM role, you can proceed to register the Role ARN with Code Pipes using either the Code Pipes UI or the Code Pipes CLI.

cred-create-aws-role-arn