AWS IAM

How to configure the AWS IAM connection used to gather permissions and access rights for IAM users and groups in an AWS account. The connector only needs a read-only IAM user: it lists users, groups and policies and never modifies them.

Create a policy

  • Sign in to the AWS Management Console and open the IAM console with an account that has IAM administrator permissions

  • In the navigation pane on the left, choose Policies and then choose Create policy

  • In the Policy editor, under Select a service, choose IAM

  • In Actions allowed, select the following actions to add to the policy:

    • Read > GetUser

    • Read > GetPolicyVersion

    • Read > GetPolicy

    • Read > GetUserPolicy

    • List > ListUserPolicies

    • List > ListAttachedGroupPolicies

    • List > ListAttachedUserPolicies

    • List > ListGroups

    • List > ListUsers

    • List > ListGroupsForUser

  • For Resources, choose All, then select Create policy to save the new policy. Every action above is a Get or List call, so the resulting policy lets the connector read IAM configuration but not change it; do not add write actions such as CreateUser or AttachUserPolicy to it

Create a user

  • Sign in to the AWS Management Console and open the IAM console with an account that has IAM administrator permissions

  • In the navigation pane on the left, choose Users and then choose Create user

  • On the Specify user details page, under User details, in User name, enter a name for the new user (for example iam-connector-user), leave console access disabled, and select Next

  • On the Set permissions page, select Attach policies directly and choose the policy created in the steps above

  • Select Next

  • Once the user is created, open it and, on the user page, choose Create access key

  • Under Use case, select Other, then Next

  • Enter a description if you wish and select Create access key

  • The access key ID and secret access key have now been created. They can be downloaded as a CSV file or copied from this page. NOTE: the secret access key cannot be viewed again once you leave this page; if it is lost, delete the access key and create a new one. Store the pair only in the dashboard configuration (or a secrets manager), never in source control or shared documents
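The same policy, user and access key can be created from the AWS CLI instead of the console. The script below is an added example and is not part of this page or of the dashboard product; it covers both the "Create a policy" and "Create a user" procedures above. The policy name IamConnectorReadOnly and the user name iam-connector-user are assumed placeholders, and create_iam_connector and verify_connector_key require the AWS CLI with admin-level credentials. The policy document and the read-only check run offline.

```shell
#!/bin/sh
# Added example, not part of the page or the dashboard product: the read-only
# policy, user and access key created with the AWS CLI instead of the console.
# Assumptions: IamConnectorReadOnly and iam-connector-user are placeholder
# names; create_iam_connector and verify_connector_key need the AWS CLI and
# admin-level credentials.

# Policy document containing exactly the Get/List actions listed on the page.
iam_connector_policy_json() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IamConnectorReadOnly",
      "Effect": "Allow",
      "Action": [
        "iam:GetUser",
        "iam:GetPolicyVersion",
        "iam:GetPolicy",
        "iam:GetUserPolicy",
        "iam:ListUserPolicies",
        "iam:ListAttachedGroupPolicies",
        "iam:ListAttachedUserPolicies",
        "iam:ListGroups",
        "iam:ListUsers",
        "iam:ListGroupsForUser"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

# Number of iam:* actions in the document (10 for the list above).
count_policy_actions() {
  iam_connector_policy_json | grep -o '"iam:[A-Za-z]*"' | grep -c .
}

# Least-privilege check: succeed only if every action is a read-only
# iam:Get* or iam:List* call, so a later edit that adds e.g. iam:CreateUser
# is caught before the policy is pushed to the account.
check_policy_read_only() {
  bad=$(iam_connector_policy_json | grep -o '"iam:[A-Za-z]*"' | tr -d '"' \
        | grep -v -E '^iam:(Get|List)[A-Za-z]+$' || true)
  [ -z "$bad" ]
}

# Create the policy and user, attach the policy, and issue one access key.
# Prints "ACCESS_KEY_ID<TAB>SECRET_ACCESS_KEY" once; the secret cannot be
# retrieved again, so paste it into the dashboard immediately.
create_iam_connector() {
  policy_name=${1:-IamConnectorReadOnly}
  user_name=${2:-iam-connector-user}
  check_policy_read_only || { echo "policy is not read-only, refusing" >&2; return 1; }
  doc=$(mktemp)
  iam_connector_policy_json > "$doc"
  policy_arn=$(aws iam create-policy --policy-name "$policy_name" \
      --policy-document "file://$doc" --query Policy.Arn --output text)
  rm -f "$doc"
  aws iam create-user --user-name "$user_name" > /dev/null
  aws iam attach-user-policy --user-name "$user_name" --policy-arn "$policy_arn"
  aws iam create-access-key --user-name "$user_name" \
      --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Run a command with only the given key pair (ignoring any admin profile or
# session token in the environment).
as_key() {
  key_id=$1; secret=$2; shift 2
  env -u AWS_SESSION_TOKEN -u AWS_PROFILE \
      AWS_ACCESS_KEY_ID="$key_id" AWS_SECRET_ACCESS_KEY="$secret" "$@"
}

# Smoke-test a new key pair before handing it to the dashboard: ListUsers
# (in the policy) must work, and ListRoles (not in the policy) must be denied.
verify_connector_key() {
  as_key "$1" "$2" aws iam list-users --max-items 1 > /dev/null || return 1
  if as_key "$1" "$2" aws iam list-roles --max-items 1 > /dev/null 2>&1; then
    echo "key can call ListRoles: policy is broader than expected" >&2
    return 1
  fi
  echo "key scoped as expected"
}
```

Source the file and run `create_iam_connector`, then `verify_connector_key <id> <secret>` with the pair it printed. The negative check in verify_connector_key uses a read-only call (ListRoles) that is deliberately absent from the policy, so it proves the key is scoped as intended without creating or changing anything in the account.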

Configuring AWS IAM connector in Dashboard

  • Navigate to Administration -> Data Sources -> AWS IAM -> New scan

  • Provide the access key and secret access key values generated in the above steps

  • Save the configuration

  • Once the configuration is saved, click the icon on the right and select Start trustee scan to begin scanning

  • The scan results can be viewed under Dashboard -> Access Governance
