Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Hi Experts,

We would like to avoid using IAM user (access key / secret key) when integrating. as there are more than 30 accounts, it will be a challenge when we need to cycle our key later. i saw we can use assume role, but there’s no detailed instruction on how to setup the assume role and external id.


Hello @ranujain,

When configuring your AWS account as a cloud in Morpheus, you will enter the credentials of the user that is allowed to assume into the roles in the other accounts. As well, you’ll enter the Role ARN for the target Cloud you are connecting to, which should have the needed permissions for Morpheus. If your role requires an external ID, enter that as well.

Below is an example of an account I have added using credentials from my management account and the Role ARN from a child account in AWS Organizations. I don’t use the external ID in my example but you can populate that as well, if that is a requirement. If successful, and the proper permissions are on the assumed role, the VPCs should populate for the cloud or at least not mention an error about your credentials.

Hope that helps!

Hello @kgawronski

Thank you for your information.

I think you may miss pasting the hyperlink for “needed permissions” in your reply. could you please re-share the link for any needed permission of assumerole for Morpheus?

Thank you.

Should work now :slight_smile:


Hi @Tyler_Boyd - I believe Morpheus has not implemented this function where customers can use only the Assume Role & External ID option and not using the access & secret key. Because we cannot move forward without providing IAM user’s security credentials. Please check below idea raised for the same.

That idea is closed and is marked to have been added in version 6.0.2

Hello @Tyler_Boyd ,

I understood that it has enhanced to support Assume IAM Role and External ID at 6.0.2.

But the customer is asking if can use Assume IAM Role and External ID only instead of using AWS Access Key and Secret Key for AWS integration?

I assume this is not supported? Am I correct?

Thank you.

To assume into an AWS role you need to be authenticated into the account that has been granted access to assume into the role specified.

If Morpheus is hosted in AWS you can apply the IAM to the EC2 instance directly, that way an access key and secret key is not required.

1 Like