
Add AWS account to GCP Stackdriver


I want to use GCP Stackdriver for my AWS accounts. When I go to my workspace settings and click "Add AWS Account", it gives the following instructions:

Log in to your Amazon IAM console and click Roles

Click "Create New Role"

Select the role type "Another AWS account"

Check the box "Require external ID"

Enter the following:

Account ID: 123456789012

External ID: ab12345678

Require MFA: unchecked

Click "Next: Permissions".

Select "ReadOnlyAccess" from the policy template list and click "Next: Review"

Enter a "Role Name" such as Stackdriver and click "Create Role"

Select the "Role Name" you just entered from the role list to see the summary page

Copy the "Role ARN" value and paste it in the AWS Role ARN field below

I tried that on my AWS account but it's obvious that the IDs aren't real. How can I get the IDs to create my AWS link account?

I'm the GCP project's owner and have permissions to create projects too.

Thanks


Solution

  • Looking at the steps mentioned, you are following this document. The IDs are exactly the ones that Stackdriver Monitoring is telling you to use to create the role on AWS.

    There is an issue with the new UI for Stackdriver Monitoring. To work around this issue, please follow these steps:

    1. On the Stackdriver Monitoring console you will see a banner at the top:

      "Stackdriver Monitoring in the Google Cloud Console is Generally Available. This is now the default experience and will be the only experience available by the end of January 2020"

      • Then click the use classic button to change to the old interface; there you will be able to say why you are changing to the old interface.
    2. Once you get the old interface, go to Workspace Settings (located in your project name on the top/left side of the screen) --> Monitored accounts --> Add AWS account. There you will be able to get the correct Account ID and External ID for your OWN Stackdriver Workspace.

    3. Then continue the steps as the guide says by creating the role on AWS and sharing the ARN with Stackdriver.