Role Deployment

Dotted automates cross-account role deployment using AWS CloudFormation (CFN) and, more specifically, "quick-create links." These links enable Dotted to pass a CFN template along with user-specific parameters, such as the cross-account role, external ID, Dotted ID, and more.

Dotted automates cross-account role deployment using AWS CloudFormation (CFN) and, more specifically, "quick-create links." These links enable Dotted to pass a CFN template along with user-specific parameters, such as the cross-account role, external ID, Dotted ID, and more.

Users only need to click the quick-create link and then click "deploy" to have the role deployed to their AWS account. The CFN templates are stored publicly, allowing users to review them before agreeing to the deployment:

• Read-only role

• Auto-pilot role

(you can read more about these roles in the previous article, here)

During deployment, after role creation, a list of properties is sent to Dotted's management account:

• Dotted ID

• Cross-account role ARN

• Dotted external ID

• User's account ID

• Role type (read-only or auto-pilot)

These properties are stored in Dotted's database. If the deployment occurs during the last step, Dotted will also invite the user's AWS account to join Dotted's AWS Organization. If the user already belongs to an organization, this step will fail. We support existing organizations joining Dotted on a case-by-case basis. Please contact our support team if this applies to you!

Lastly, we offer manual role deployment for customers who cannot work with CloudFormation.

Please contact our support team for more information. support@usedotted.com.