Fix Inventory IAM Role CloudFormation Templates
These templates are used to create an AWS IAM role that has the exact permissions Fix Inventory requires to run. The role template is autogenerated whenever the AWS plugin is updated.
The best starting point is our how-to guide, How to Roll Out Resoto AWS Permissions with CloudFormation.
If you are only interested in the S3 URIs, here they are:
https://fixinventorypublic.s3.amazonaws.com/cf/fixinventory-role.template
https://fixinventorypublic.s3.amazonaws.com/cf/fixinventory-stackset.template
The code that generates the role, as well as the role template, lives in the AWS Fix Inventory plugin project.
For details we recommend reading the how-to linked above, but the TL;DR is:
AWS_OU="r-7h7x" # Replace with your OU
FIXINVENTORY_ACCOUNT_ID="434236089377" # Replace with the ID of the account Fix Inventory is running in
# Deploy the StackSet template that rolls the role out to every account in the OU
aws cloudformation create-stack \
  --region us-east-1 \
  --stack-name FixInventoryAccess \
  --template-url https://fixinventorypublic.s3.amazonaws.com/cf/fixinventory-stackset.template \
  --parameters ParameterKey=DeploymentTargetOrganizationalUnitIds,ParameterValue="$AWS_OU" ParameterKey=FixInventoryAccountID,ParameterValue="$FIXINVENTORY_ACCOUNT_ID"
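
A post-deployment check, added here as an example and not part of the Fix Inventory project: it audits a role's trust policy (AssumeRolePolicyDocument) and reports every principal that is not the account passed as FixInventoryAccountID. It assumes the deployed role trusts that account as an AWS principal; the function names and both sample policies are constructed for illustration.

```python
import json
import re

def _as_list(value):
    # IAM allows a single item or a list for Statement and principal values.
    return value if isinstance(value, list) else [value]

def _principal_account(principal):
    """Return the 12-digit account ID of an AWS principal, or None."""
    if re.fullmatch(r"\d{12}", principal):
        return principal
    m = re.fullmatch(r"arn:aws[a-z-]*:(?:iam|sts)::(\d{12}):.+", principal)
    return m.group(1) if m else None

def audit_trust_policy(policy_json, expected_account_id):
    """Return findings for a trust policy; an empty list means it is clean."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append(f"statement {i}: wildcard principal")
            continue
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: missing or unsupported Principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS":
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
                elif value == "*":
                    findings.append(f"statement {i}: wildcard principal")
                elif _principal_account(value) != expected_account_id:
                    findings.append(f"statement {i}: untrusted principal {value}")
    return findings

EXPECTED = "434236089377"  # FIXINVENTORY_ACCOUNT_ID from the command above
# Constructed sample policies, not taken from the real template.
GOOD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::434236089377:root"}}})
BAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": [
        "arn:aws:iam::434236089377:root", "arn:aws:iam::111122223333:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]})

if __name__ == "__main__":
    print(audit_trust_policy(GOOD, EXPECTED))
    print(audit_trust_policy(BAD, EXPECTED))
```

The policy document for a deployed role can be fetched with `aws iam get-role --role-name <ROLE_NAME> --query Role.AssumeRolePolicyDocument`, where `<ROLE_NAME>` is a placeholder for the role the stack created.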