Onboard Your AWS Account

To allow CeTu to securely connect to your AWS environment, you’ll need to configure a cross-account IAM role with the appropriate permissions. This setup uses an External ID for added security and follows AWS's least privilege best practices.

‍What You'll Need

1. External ID

CeTu provides you with a unique External ID (GUID) during onboarding. You can always obtain it directly from your CeTu representative.

2. IAM Role

You’ll need to create an IAM Role in your AWS account that CeTu can assume. This role will:

  • Be trusted by CeTu’s AWS account (you’ll get the account ID from CeTu)
  • Require the External ID for added security
  • Have a policy attached that grants only the permissions CeTu needs‍

How to Set It Up‍

To configure the role use the CeTu-provided CloudFormation template for quick and secure setup. Contact our team to get the CFT - CloudFormation template. The CloudFormation template automates:

  • Creating the IAM role
  • Defining the trust relationship with CeTu’s AWS account
  • Attaching a policy with least-privilege permissions

This is the fastest and safest way to get started. You’ll just need to:

  • Launch the template in your AWS console
  • Paste in the External ID and CeTu’s AWS Account ID when prompted

Security-First Design‍

CeTu’s cross-account access policy adheres to AWS's principle of least privilege, ensuring:

  • Only the necessary resources are accessible
  • Access is restricted by condition (External ID)
  • Permissions can be transparently reviewed and revoked by you at any time