CloudFormation IAM Role Setup

This setup method leverages an AWS CloudFormation Template that creates an IAM role in AWS. The JSON template is accessed from the Cloud Provider Integration setup form in Virtana Platform. Using this template is the simplest and quickest of the three AWS integration setup methods and is recommended over the other setup methods.

You can view a list of permissions granted by the IAM role.

About This Task

When you use the CloudFormation Template to create a new AWS Integration in Virtana Platform, the template creates an AWS stack and populates a read-only IAM role in your AWS account. The IAM role is linked to Virtana Platform using the integration’s Account ID and External ID. Once created, it may take a few minutes for the integration status to be updated.

Prerequisites

You must have enabled Cost Explorer and created a Cost and Usage Report in AWS.

You must have administrator access to both the Virtana Platform and the AWS consoles.

Steps

  1. In Virtana Platform:

    1. Navigate to Settings > Integrations > Cloud Providers.

    2. Click Add Integration and select the appropriate integration type.

    3. Optional: Enter a descriptive name for the integration instance to identify its purpose.

      If no name is given, Virtana Platform provides a unique default name.

  2. Under AWS Authentication, select the IAM role authentication type, and then click the link to Open script in AWS.

    This opens a new tab in AWS.

    Tip

    Keep Virtana Platform open to the integration setup.

  3. In AWS, do the following:

    1. Check I acknowledge that AWS CloudFormation might create IAM resources.

    2. Select Create Stack.

      This process may take a few minutes. Wait for the stack status to show CREATE_COMPLETE before proceeding to the next section.

    3. Select the stack you just created, navigate to the Outputs tab, and copy the Role ARN Value.

  4. In the Virtana Platform integration setup form, paste the Role ARN value into the IAM Role ARN field and click Save.

    Make sure there are no extra spaces after you have pasted the value into the field.

  5. Navigate to the AWS Cost & Usage Reports page and click the name of the report to be used by Virtana Platform as the source of detailed billing data.

  6. On the Report Details page, make note of the S3 bucket name and the report path prefix.

  7. In Virtana Platform, enter the S3 bucket name and report path prefix in the Enable Detailed Billing Analysis field.

This completes the CloudFormation setup. If you want to add linked accounts, see Create Linked Accounts.

Tip

After creating your IAM role, wait 2-5 minutes for AWS to finalize its creation before proceeding to the next steps. This ensures the new role has the correct S3 access permissions when added to Virtana Platform.
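Because the role is linked to Virtana Platform through the integration's Account ID and External ID, you can confirm after the stack completes that the role's trust policy is limited to exactly that pair. The following is an added example, not part of the Virtana template or documentation: the account ID, External ID and policy documents are constructed placeholders, and it assumes the integration's Account ID is the AWS principal named in the trust policy.

```python
import json

# Constructed sample: placeholder account ID and External ID, not values from Virtana or AWS.
ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id"
SCOPED = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}
  }]
}""")
# Same policy with the Condition removed: the External ID is no longer required to assume the role.
UNSCOPED = {"Version": SCOPED["Version"],
            "Statement": [{k: v for k, v in SCOPED["Statement"][0].items() if k != "Condition"}]}

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # A principal is a bare account ID or an ARN of the form arn:aws:iam::<account>:<resource>.
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 5 else principal

def audit_trust_policy(policy, account_id, external_id):
    """Return findings; an empty list means only the expected account and External ID can assume the role."""
    findings = []
    allows = [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement: nobody can assume the role")
    for n, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"statement {n}: principal is not limited to AWS accounts")
        else:
            for p in _as_list(principal["AWS"]):
                if _account_of(p) != account_id:
                    findings.append(f"statement {n}: unexpected principal {p}")
        # IAM condition key names are case-insensitive, so compare them lower-cased.
        equals = (stmt.get("Condition") or {}).get("StringEquals", {})
        pinned = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if _as_list(pinned) != [external_id]:
            findings.append(f"statement {n}: sts:ExternalId is not pinned to the expected value")
    return findings

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(name, audit_trust_policy(doc, ACCOUNT_ID, EXTERNAL_ID) or "OK")
```

To run the check against the real role, save the output of `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and pass the parsed JSON to `audit_trust_policy` with the Account ID and External ID shown in the integration form.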