Script to add a new cross-account role

  • 22 August 2023
  • 4 replies

I have an organization setup in AWS with many accounts and we will spin up and down accounts based on certain criteria so we have the requirement to get our AWS models on accounts and I currently have to manually go create/add the new cross-account role in Lucid.  The role is created in our AWS accounts automatically using a CloudFormation StackSet so the role is there I just need an automated way to create the cross-account role in Lucid instead of using the GUI.  We don't have to use the CLI method for this as we want the role to be what we use.  Is there a script/api call or some other method we can use with Lucid to automate this?



Hello William.

We offer SCIM endpoints for User and Group management that are documented here and here. If these endpoints don't provide the functionality you need, or other ways (e.g. REST APIs) to manage these resources would be helpful, please let us know. This feedback helps us prioritize the development of future endpoints.

You can provide this feedback by selecting "Request Feature" at our developer documentation here: or by selecting the link below.

I don't think I was clear. I'm not looking to add users or groups to Lucid. I'm trying to use Lucidscale, and to use that you have to add an AWS account. The first step is to create a role in the AWS account(s). I have done this in all of my AWS accounts. The second step is to add the AWS account role to Lucid by entering the AWS role name and role ARN. This is the part that I would like to do through an API or script of some sort.


Hi @william.starling, thank you for clarifying. Currently our Public APIs do not support the automation of importing to the Data Hub, specifically the AWS cross-account role import. Steps 2, 3 & 4 of our AWS cross-account role import instructions do indeed require manual intervention by the Lucid user.

We understand the importance of automation, especially in dynamic environments like AWS. Your feedback is invaluable as we consider expanding our API offerings. Could you provide more details about your use case and the specific functionalities you'd like to see integrated into our Public API? This will help us better prioritize and tailor our future developments to meet the needs of our users.

Thank you for your patience and understanding.

What we have currently set up, without going into proprietary details, is an automated way to stand up new accounts. We essentially provide specific details (owner email and name, type of env like dev, prod, etc.) and our process will go and create the new accounts. This can be completely automated once we start it, and we'd like to have a way to add in functionality (script, API, etc.) to have the role imported into our Lucid account without actually having to manually sign in to each new AWS account and copy/paste the role ARN/name. We won't need every AWS account connected with Lucid, but there certainly are accounts where we would want this. If there was a way to utilize some sort of script or API to do this, then we could add that to our automated process and truly have it run start to finish with no intervention (if we choose to).
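The thread above describes two halves of the job: the role is already created in every account by a StackSet, and the remaining manual step is supplying each role's name and ARN to Lucid, filtered to the accounts (by environment type) that should be connected. The AWS half of that can be produced by automation. The following is an added example, not code from the thread or from Lucid: it takes an organization account list, keeps only active accounts tagged with a wanted environment, validates the account ID and role name, and builds the role ARN deterministically from the account ID and the StackSet role name. The account records, the `env` tag key and the role name `LucidscaleCrossAccountRole` are constructed placeholders; in real use the records would come from an AWS Organizations `list_accounts` call plus per-account tags (that wiring is assumed, not shown).

```python
"""Build validated (role name, role ARN) pairs for the accounts that should be
connected to Lucidscale.  Added example with constructed sample data; it does
not call AWS, so it runs offline."""
import re
from dataclasses import dataclass

# AWS account IDs are exactly 12 digits; anything else is rejected, never guessed.
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# IAM role names: 1-64 chars from the set IAM documents (alphanumeric and _+=,.@-).
ROLE_NAME_RE = re.compile(r"^[A-Za-z0-9_+=,.@-]{1,64}$")
# Partition prefixes that exist in AWS ARNs.
KNOWN_PARTITIONS = ("aws", "aws-us-gov", "aws-cn")


@dataclass(frozen=True)
class CrossAccountRole:
    """One entry to hand to the Lucid import step: the role name and its ARN."""
    account_id: str
    role_name: str
    role_arn: str


def build_role_arn(account_id, role_name, partition="aws"):
    """Construct the IAM role ARN the same way AWS does, after validating inputs."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"invalid account id: {account_id!r}")
    if not ROLE_NAME_RE.match(role_name):
        raise ValueError(f"invalid role name: {role_name!r}")
    if partition not in KNOWN_PARTITIONS:
        raise ValueError(f"unknown partition: {partition!r}")
    return f"arn:{partition}:iam::{account_id}:role/{role_name}"


def select_roles(accounts, role_name, wanted_envs, env_tag="env", partition="aws"):
    """Keep ACTIVE accounts whose env tag is in wanted_envs and build their role ARNs.

    `accounts` is an iterable of dicts shaped like Organizations account records
    (Id, Name, Status) with an added Tags list of {"Key", "Value"} dicts; that
    combined shape is an assumption of this example.
    """
    selected = []
    for acct in accounts:
        if acct.get("Status") != "ACTIVE":
            continue  # suspended/closed accounts never get a connection
        tags = {t["Key"]: t["Value"] for t in acct.get("Tags", [])}
        if tags.get(env_tag) not in wanted_envs:
            continue
        arn = build_role_arn(acct["Id"], role_name, partition)
        selected.append(CrossAccountRole(acct["Id"], role_name, arn))
    return selected


# Constructed sample data: not real accounts.
SAMPLE_ACCOUNTS = [
    {"Id": "123456789012", "Name": "payments-prod", "Status": "ACTIVE",
     "Tags": [{"Key": "env", "Value": "prod"}]},
    {"Id": "210987654321", "Name": "payments-dev", "Status": "ACTIVE",
     "Tags": [{"Key": "env", "Value": "dev"}]},
    {"Id": "111122223333", "Name": "old-prod", "Status": "SUSPENDED",
     "Tags": [{"Key": "env", "Value": "prod"}]},
]
ROLE_NAME = "LucidscaleCrossAccountRole"  # placeholder for the StackSet role name


if __name__ == "__main__":
    # Emit the two values the Lucid import step asks for, one account per line.
    for role in select_roles(SAMPLE_ACCOUNTS, ROLE_NAME, {"prod"}):
        print(f"{role.role_name}\t{role.role_arn}")
```

Because the thread establishes that Lucid has no public API for this import, the script stops at producing the name/ARN list; that output can be attached to the account-creation pipeline's run log so the remaining manual step is a paste rather than a sign-in to each account. Rejecting malformed account IDs instead of building an ARN from them matters here: a mistyped ARN would silently point the connection at the wrong account.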