diff --git a/deploy/cloudformation/elastic-agent-direct-access-key-cspm.yml b/deploy/cloudformation/elastic-agent-direct-access-key-cspm.yml
new file mode 100644
index 0000000000..114f646d93
--- /dev/null
+++ b/deploy/cloudformation/elastic-agent-direct-access-key-cspm.yml
@@ -0,0 +1,48 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Description: Creates elastic-agent cspm user, role, and access key, and outputs the access key
+
+Parameters: {}
+
+Resources:
+  ElasticCSPMUser:
+    Type: "AWS::IAM::User"
+    Properties:
+      UserName: "elasticagent-cspm"
+
+  # IAM Role to assume for Management Account
+  ElasticCSPMRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: cloudbeat-root
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Principal:
+              AWS: !GetAtt ElasticCSPMUser.Arn
+            Action:
+              - sts:AssumeRole
+      Path: /
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/SecurityAudit
+
+  ElasticCSPMAccessKey:
+    Type: "AWS::IAM::AccessKey"
+    Properties:
+      UserName: !Ref ElasticCSPMUser
+
+
+Outputs:
+  AccessKeyId:
+    Description: "Access Key ID"
+    Value: !Ref ElasticCSPMAccessKey
+    Export:
+      Name: "AccessKeyId"
+
+  SecretAccessKey:
+    Description: "Secret Access Key"
+    Value: !GetAtt ElasticCSPMAccessKey.SecretAccessKey
+    Export:
+      Name: "SecretAccessKey"
+
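Review bot: The `SecretAccessKey` output at the end of the hunk places the user's long-lived secret in plaintext in the stack outputs and in a region-wide export, where anyone with `cloudformation:DescribeStacks` or `cloudformation:ListExports` can read it and it remains in the stack's history; CloudFormation has no `NoEcho` equivalent for outputs. A safer shape is to write the key pair into an `AWS::SecretsManager::Secret` and output only that secret's ARN, as sketched below. The fixed `Export` names `AccessKeyId` and `SecretAccessKey`, together with the hard-coded `UserName` and `RoleName`, also mean the template can be deployed only once per account and region; prefixing the export names with `${AWS::StackName}` avoids the collision. The access key is never rotated either; the `Serial` property on `AWS::IAM::AccessKey` is the supported hook for that and deserves a comment on `ElasticCSPMAccessKey`.
```yaml
  # … unchanged: ElasticCSPMUser, ElasticCSPMRole, ElasticCSPMAccessKey …

  # Key pair lives in Secrets Manager instead of plaintext stack outputs.
  ElasticCSPMSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub "${AWS::StackName}/elastic-agent-cspm"
      Description: "Access key pair for the elastic-agent CSPM user"
      SecretString: !Sub '{"AccessKeyId":"${ElasticCSPMAccessKey}","SecretAccessKey":"${ElasticCSPMAccessKey.SecretAccessKey}"}'

Outputs:
  AccessKeyId:
    Description: "Access Key ID"
    Value: !Ref ElasticCSPMAccessKey
    Export:
      Name: !Sub "${AWS::StackName}-AccessKeyId"

  SecretArn:
    Description: "ARN of the Secrets Manager secret holding the key pair"
    Value: !Ref ElasticCSPMSecret
    Export:
      Name: !Sub "${AWS::StackName}-SecretArn"
```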