Step 3: Create and scan a Cloud Environment (Web UI)
Recap You have created the Snyk IAM role. Now you can create and scan a Cloud Environment.
To create and scan a Cloud Environment, you must provide the role’s Amazon Resource Name (ARN). Then you can finish onboarding the environment.
Find the role ARN
The role ARN should follow this format unless you changed the name of the role in the Terraform or CloudFormation template:
If you do not know your Amazon Web Services (AWS) account ID, or if you changed the name of the IAM role in the Terraform or CloudFormation template, you can find the role ARN using the AWS CLI or the AWS Management Console.
Find the role ARN using the AWS CLI
To find the ARN of the Snyk Cloud IAM role using the AWS CLI, retrieve the role details, replacing snyk-cloud-role
with the name of your role if you changed it:
The output looks like this:
Find the role ARN using the AWS Management Console
Log in to the AWS Management Console.
Navigate to Identity and Access Management.
In the left sidebar, select Roles.
On the Roles page, search for
snyk-cloud-role
or substitute the name of your role if you changed it:
5. Select the role.
6. On the role details page, in the Summary section, find and copy the ARN:
Create and scan the AWS Environment
In the Snyk Web UI Add AWS Environment modal where you downloaded the IAM role template, enter your role ARN in the IAM role ARN field.
Optionally, enter an environment name. If one is not provided, Snyk will use your AWS account alias.
Select Approve and begin scan.
You will see a confirmation message: "AWS environment successfully added." Select Add another environment to return to the Add AWS Environment modal and onboard a new account, or select Go to settings if you are finished:
What's next?
You can now do the following:
View the cloud configuration issues Snyk finds. See Cloud and IaC+ issues.
Prioritize your vulnerabilities with cloud context.
Last updated