Add AWS account to GCP Stackdriver

1
votes

I want to use GCP Stackdriver for my AWS accounts. When I go to my workspace settings and click the "Add AWS Account" it gives the following instructions:

Log in to your Amazon IAM console and click Roles

Click "Create New Role"

Select the role type "Another AWS account"

Check the box "Require external ID"

Enter the following:

Account ID: 123456789012

External ID: ab12345678

Require MFA: unchecked

Click "Next: Permissions".

Select "ReadOnlyAccess" from the policy template list and click "Next: Review"

Enter a "Role Name" such as Stackdriver and click "Create Role"

Select the "Role Name" you just entered from the role list to see the summary page

Copy the "Role ARN" value and paste it in the AWS Role ARN field below

I tried that on my AWS account but it's obvious that the IDs aren't real. How can I get the IDs to create my AWS link account?

I'm the GCP project's owner and have permissions to create projects too.

Thanks

1
amazon-web-servicesgoogle-cloud-platformstackdrivergoogle-cloud-stackdriver

1 Answers

2
votes

By looking the steps mentioned you are trying this document; The ID's are exactly the ones that Stackdriver monitoring is telling you to use to create the role on AWS.

There is some issue with the new UI for Stackdriver Monitoring. To workaround this issue please follow this steps:

  1. On stackdriver Monitoring console you will see a banner at the top

    "Stackdriver Monitoring in the Google Cloud Console is Generally Available. This is now the default experience and will be the only experience available by the end of January 2020"

    • Then click to use classic button to change to the old interface, there you will be able to say why you are changing to the old interface.

  2. Once you get the old interface, go to Workspace Settings (located in your project name on the top/left side of the screen) --> Monitored accounts --> Add AWS account. There you will be able to get the correct Account ID and External ID for your OWN Stackdriver Workspace.

  3. Then continue the steps as the guide say by creating the role on AWS and sharing the ARN to Stackdriver.