Role Deployment

Pump automates cross-account role deployment using AWS CloudFormation (CFN) and, more specifically, "quick-create links." These links enable Pump to pass a CFN template along with user-specific parameters, such as the cross-account role, external ID, Pump ID, and more.

Pump automates cross-account role deployment using AWS CloudFormation (CFN) and, more specifically, "quick-create links." These links enable Pump to pass a CFN template along with user-specific parameters, such as the cross-account role, external ID, Pump ID, and more.

Users only need to click the quick-create link and then click "deploy" to have the role deployed to their AWS account. The CFN templates are stored publicly, allowing users to review them before agreeing to the deployment:

(you can read more about these roles in the previous article, here)

During deployment, after role creation, a list of properties is sent to Pump's management account:

  • Pump ID

  • Cross-account role ARN

  • Pump external ID

  • User's account ID

  • Role type (read-only or auto-pilot)

These properties are stored in Pump's database. If the deployment occurs during the last step, Pump will also invite the user's AWS account to join Pump's AWS Organization. If the user already belongs to an organization, this step will fail. We support existing organizations joining Pump on a case-by-case basis. Please contact our support team if this applies to you!

Lastly, we offer manual role deployment for customers who cannot work with CloudFormation.

Please contact our support team for more information. support@pump.co

Last updated