We would like to avoid using an IAM user (access key / secret key) when integrating. As there are more than 30 accounts, it will be a challenge when we need to cycle our key later. I saw we can use assume role, but there’s no detailed instruction on how to set up the assume role and external ID.
When configuring your AWS account as a cloud in Morpheus, you will enter the credentials of the user that is allowed to assume into the roles in the other accounts. As well, you’ll enter the Role ARN for the target Cloud you are connecting to, which should have the needed permissions for Morpheus. If your role requires an external ID, enter that as well.
Below is an example of an account I have added using credentials from my management account and the Role ARN from a child account in AWS Organizations. I don’t use the external ID in my example but you can populate that as well, if that is a requirement. If successful, and the proper permissions are on the assumed role, the VPCs should populate for the cloud or at least not mention an error about your credentials.
Hope that helps!
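As an added example (not part of the original posts and not Morpheus's own code), the AWS side of the setup discussed in this thread comes down to two IAM policy documents: the trust policy on the role in each target account, and the identity policy for the one user whose keys are entered in the cloud configuration. The account IDs, user and role names, external ID and function names below are constructed placeholders.

```python
import json

# Constructed placeholder values: substitute your own account IDs and names.
MGMT_USER_ARN = "arn:aws:iam::111111111111:user/morpheus-integration"
TARGET_ROLE_ARNS = [
    "arn:aws:iam::222222222222:role/MorpheusAccess",
    "arn:aws:iam::333333333333:role/MorpheusAccess",
]


def build_trust_policy(principal_arn, external_id=None):
    """Trust policy to attach to the role in each target account."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": "sts:AssumeRole",
    }
    if external_id:
        # The caller must present this same value when assuming the role.
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


def build_caller_policy(role_arns):
    """Identity policy for the single user that assumes the target roles."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": list(role_arns)}
    return {"Version": "2012-10-17", "Statement": [stmt]}


def audit_trust_policy(policy, require_external_id=False):
    """Return findings for an existing trust policy document."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principals = stmt.get("Principal", {})
        aws = principals if isinstance(principals, str) else principals.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        if "*" in aws:
            findings.append("wildcard principal can assume this role")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if require_external_id and "sts:ExternalId" not in cond:
            findings.append("no sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_trust_policy(MGMT_USER_ARN, "example-external-id"), indent=2))
    print(json.dumps(build_caller_policy(TARGET_ROLE_ARNS), indent=2))
```

With this layout only one access key exists across all accounts, so rotating it touches a single IAM user rather than one per account.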