AWS IAM Streaming Configuration
This guide provides steps on how to enable real-time data streaming for a AWS IAM connection and monitor streaming events within the Getvisibility platform.
Create a policy
In the navigation pane on the left, choose Policies and then choose Create policy

In the Policy editor section, find the Select a service section, then choose IAM service, and select Next

In Actions allowed, choose the below actions to add to the policy:
GetPolicy
GetUserPolicy
ListUserPolicies
ListAttachedGroupPolicies
ListAttachedUserPolicies
ListGroups
ListUsers
ListGroupsForUser
PutRolePolicy
TagRole
GetGroup
GetRole
CreateRole
Choose SNS service and select the below actions:
CreateTopic,
DeleteTopic,
TagResource,
SetTopicAttributes,
Subscribe,
ConfirmSubscription
Choose Event Bridge service and select the below actions:
TagResource
PutTargets
EnableRule
PutRule
UntagResource
ListTargetsByRule
RemoveTargets
DeleteRule
Choose EC2 sercice and select the below action:
DescribeRegions
For Resources, choose All and select Create policy to save the new policy
Create a user
Sign in to the AWS Management Console and open the IAM console with the appropriate admin level account
In the navigation pane on the left, choose Users and then choose Create user

On the Specify user details page, under User details, in User name, enter the name for the new user, example iam-connector-user and select Next

On the Set permissions page, select Attach policies directly and choose the policy created in above steps

Select Next
Once the user is created, select it, and from the user page, choose Create access key

Select Other then Next

Enter a description if you wish and select Create access key

The Access and Secret Access Keys have now been created. These can be downloaded as a CSV, and also copied from this section. NOTE: the secret access key cannot be viewed once you leave this page

Configuring AWS IAM connector in Dashboard
Navigate to Administration -> Data Sources -> AWS IAM ->Credentials - New credentials
Provide the access key and secret access key values generated in the above steps and select Save & Create Scan

Make sure the connection has a Name and Credentials set then click on Data streaming toggle and click Save & Close to finalize the changes

Clock icon: When data streaming is being activated, the "Requested" status will appear, indicating that the subscription is being processed. Once the subscription is activated, this status will change to "On".
After enabling Data Streaming, the system will automatically handle the subscription to AWS Iam’s real-time events. There is no need to manually configure Webhooks.

Monitoring Real-Time Events
After the subscription is activated, real-time events will start flowing into the platform, and can be monitored from the relevant parts of the platform.
Viewing Events in the Live Events Section
Go to the Live Events section under Administration to view a detailed audit log of all streaming events.
Filter by source to get only AWS IAM events
Monitoring Extended Streaming Events
Once extended streaming is enabled, events will be available for monitoring in multiple sections of the platform:
Live Events Section
Go to Live Events under Administration to view real-time extended events.
Use the filter options to narrow down events to only AWS IAM activities.
Last updated
Was this helpful?