2

I have two AWS accounts. I was able to set up the AWS integration for the first account using Terraform, but when I try to create the AWS integration for my second account I am getting an error.

I have created a role with an inline policy, and we do not have a cross-account setup.

! Datadog is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole. See http://docs.datadoghq.com/integrations/aws/

Trust Relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "xxxxxxxxxxxxxxxxxxxxxxxxxx"
        }
      }
    }
  ]
}

Can anyone please guide me on how to solve this error?

kenlukas
user6826691
  • I wasn't aware that you could use terraform to set up the Datadog AWS integration (am I understanding your question correctly?). But you shouldn't have any troubles adding multiple AWS accounts to your Datadog AWS integration. Should work the same from one account to the other. [Have you seen this part of the guide](https://docs.datadoghq.com/integrations/aws/#installation)? – stephenlechner Aug 15 '17 at 17:22
  • Yes, I don't have cross-account access set up for these two accounts, and Datadog recommends that. Maybe that's the issue, I am not sure though. – user6826691 Aug 15 '17 at 18:04

1 Answer

5

The role arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole also has to have permission to assume the role on the other account.

You'll have to update the DatadogAWSIntegrationRole on the primary account to include:

{
  "Version": "2012-10-17",
  "Statement": [
    ...
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::xxxxxxxxxxxx:role/AssumedRoleForDataDogInOtherAccount"
    }
  ]
}
mhumesf
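
An added example, not part of the answer above and not AWS or Datadog code: a simplified local check of the two policies a cross-account sts:AssumeRole depends on, the target role's trust policy and the calling role's identity policy. The account IDs, the external ID and every function name are constructed; it only handles Allow statements, the exact action sts:AssumeRole, Principal.AWS entries and StringEquals on sts:ExternalId.

```python
import fnmatch

CALLER = "arn:aws:iam::111111111111:role/DatadogAWSIntegrationRole"            # constructed account id
TARGET = "arn:aws:iam::222222222222:role/AssumedRoleForDataDogInOtherAccount"  # constructed account id
TRUST = {"Version": "2012-10-17", "Statement": [{   # trust policy on TARGET, same shape as the question's
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}
GRANT = {"Version": "2012-10-17", "Statement": [{   # statement from the answer, attached to CALLER
    "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": TARGET}]}
NO_GRANT = {"Version": "2012-10-17", "Statement": []}  # caller policy without that statement

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allow_assume(policy):
    """Yield Allow statements that name sts:AssumeRole exactly (no action wildcards)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow" and "sts:AssumeRole" in _as_list(stmt.get("Action", [])):
            yield stmt

def trust_allows(trust_policy, caller_arn, external_id):
    """Does the target role's trust policy accept this caller and external ID?"""
    account_root = "arn:aws:iam::%s:root" % caller_arn.split(":")[4]
    for stmt in _allow_assume(trust_policy):
        principals = _as_list(stmt.get("Principal", {}).get("AWS", []))
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        # An account-root principal delegates the decision to that account's identity policies.
        principal_ok = caller_arn in principals or account_root in principals
        if principal_ok and (wanted is None or external_id in _as_list(wanted)):
            return True
    return False

def identity_allows(identity_policy, role_arn):
    """Does the caller's own policy allow sts:AssumeRole on the target role ARN?"""
    return any(fnmatch.fnmatchcase(role_arn, pattern)
               for stmt in _allow_assume(identity_policy)
               for pattern in _as_list(stmt.get("Resource", [])))

def diagnose(trust_policy, identity_policy, caller_arn, role_arn, external_id):
    """Return the sides that would block a cross-account AssumeRole (empty list = allowed)."""
    blocked = []
    if not trust_allows(trust_policy, caller_arn, external_id):
        blocked.append("trust policy on target role")
    if not identity_allows(identity_policy, role_arn):
        blocked.append("identity policy on caller")
    return blocked
```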