The AWS IAM connector for Elimity Insights fetches users, groups, roles and policies for an Amazon AWS account so you can stay in control of your environment.
Follow the instructions below to set up the connector for your environment.
How it works
- Elimity Insights periodically fetches users, groups, roles and policies for an Amazon AWS account.
- Write Elimity Insights queries to review and monitor updates to the data, or leverage existing queries.
- Configure these stored queries to take action when the Elimity Insights data changes.
Integration requirements
Setting up an AWS IAM source in Elimity Insights requires:
- an Amazon AWS account to create a dedicated AWS IAM user, and
- a user in Elimity Insights with the role Connector Admin or higher.
Integration instructions
Follow the steps below to set up an AWS IAM source in Elimity Insights:
- As a first step, we recommend creating a dedicated AWS IAM user for the connector. This allows you to grant it a minimal set of privileges. Sign in to your AWS console and navigate to the IAM service by clicking on 'Services > Security, Identity & Compliance > IAM' in the top-left corner. Visit the users page via the 'Access management > Users' item in the menu on the left-hand side. Press the 'Add users' button in the top-right corner. Provide a name for the new user, e.g. 'elimity-insights'. For the AWS access type, tick the checkbox next to 'Access key - Programmatic access'. Click the 'Next - Permissions' button in the bottom-right corner.
- This connector only requires read access to the IAM console. Therefore, we recommend assigning a single policy directly to the newly created user. Click the 'Attach existing policies directly' button, and search for the 'IAMReadOnlyAccess' policy. Tick the checkbox in this table row and click on the 'Next - Tags' button in the bottom-right corner. This connector does not use any tags, so you can skip ahead by clicking the 'Next - Review' button. Review the configuration details and press the 'Create user' button. Having reached the last step in AWS's user creation process, you can now copy the 'Access key ID' and 'Secret access key' values into the appropriate configuration fields for this connector.
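To confirm that the dedicated user ended up with only the single policy recommended above, the following added example (not part of Elimity's documentation or product) audits the parsed JSON output of four AWS CLI calls for that user. The function name, the sample data and the expectation of exactly one active access key are assumptions made for this illustration.

```python
# AWS-managed policy the page recommends attaching directly to the connector user.
EXPECTED_ARN = "arn:aws:iam::aws:policy/IAMReadOnlyAccess"


def audit_connector_user(attached, inline, groups, keys):
    """Return a list of findings; an empty list means the user matches the setup.

    Each argument is the parsed JSON output of one AWS CLI call for the user:
      attached -> aws iam list-attached-user-policies --user-name <user>
      inline   -> aws iam list-user-policies --user-name <user>
      groups   -> aws iam list-groups-for-user --user-name <user>
      keys     -> aws iam list-access-keys --user-name <user>
    """
    findings = []
    arns = [p["PolicyArn"] for p in attached.get("AttachedPolicies", [])]
    if EXPECTED_ARN not in arns:
        findings.append("IAMReadOnlyAccess is not attached")
    for arn in arns:
        if arn != EXPECTED_ARN:
            findings.append(f"extra managed policy attached: {arn}")
    for name in inline.get("PolicyNames", []):
        findings.append(f"inline policy present: {name}")
    for group in groups.get("Groups", []):
        # Group membership can add permissions beyond the directly attached policy.
        findings.append(f"member of group: {group['GroupName']}")
    active = [k for k in keys.get("AccessKeyMetadata", []) if k["Status"] == "Active"]
    if len(active) != 1:  # assumption: the connector uses a single active key
        findings.append(f"expected 1 active access key, found {len(active)}")
    return findings


# Constructed sample responses (not real account data).
ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
KEY = {"AccessKeyId": "AKIAIOSFODNN7EXAMPLE", "Status": "Active"}
SAMPLE_OK = dict(
    attached={"AttachedPolicies": [{"PolicyName": "IAMReadOnlyAccess", "PolicyArn": EXPECTED_ARN}]},
    inline={"PolicyNames": []}, groups={"Groups": []}, keys={"AccessKeyMetadata": [KEY]})
SAMPLE_DRIFT = dict(
    attached={"AttachedPolicies": [{"PolicyName": "IAMReadOnlyAccess", "PolicyArn": EXPECTED_ARN},
                                   {"PolicyName": "AdministratorAccess", "PolicyArn": ADMIN_ARN}]},
    inline={"PolicyNames": ["legacy-inline"]}, groups={"Groups": [{"GroupName": "developers"}]},
    keys={"AccessKeyMetadata": [KEY, dict(KEY, AccessKeyId="AKIAI44QH8DHBEXAMPLE")]})

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(label, audit_connector_user(**sample) or "no findings")
```

Running the same check periodically catches permission drift on the connector user, such as a policy or group added after the initial setup.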
Troubleshooting
The security token included in the request is invalid.
This error indicates that the provided access key does not exist, or it has been deactivated. Make sure you copied the 'Access key ID' field correctly.
The request signature we calculated does not match the signature you provided.
This error indicates that the provided access key exists and is active, but the secret value is invalid.
Changelog
v3.18.0
- Added out-of-the-box controls.