Status: Coming Soon
Auth: IAM Role (cross-account assume role)
Syncs: IAM users/roles/policies, MFA status, S3 buckets, EC2 instances, CloudTrail, Config rules, GuardDuty findings, Access Analyzer

Overview

The AWS integration uses IAM role-based authentication (not OAuth). SecurAtlas will assume a cross-account role in your AWS account with read-only permissions. This is the AWS-recommended pattern for third-party integrations.

Required IAM Permissions

When this integration launches, you’ll need to create an IAM role with these read-only permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:ListUsers",
        "iam:ListRoles",
        "iam:ListPolicies",
        "iam:GetAccountPasswordPolicy",
        "iam:GenerateCredentialReport",
        "iam:GetCredentialReport",
        "ec2:DescribeInstances",
        "ec2:DescribeSecurityGroups",
        "s3:ListAllMyBuckets",
        "s3:GetBucketAcl",
        "s3:GetBucketPolicy",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "config:DescribeConfigRules",
        "config:DescribeComplianceByConfigRule",
        "guardduty:ListDetectors",
        "guardduty:ListFindings",
        "guardduty:GetFindings",
        "accessanalyzer:ListAnalyzers",
        "accessanalyzer:ListFindings"
      ],
      "Resource": "*"
    }
  ]
}
Detailed setup instructions will be added when this integration launches. Contact support@securatlas.com to be notified when AWS goes live.
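
A pre-flight check for the policy above, as an added example (not SecurAtlas code): it flags wildcards, `NotAction`, and any action whose verb is not `List`, `Get` or `Describe`, so a widened copy of the policy is caught before it is attached to the cross-account role. The names `review_policy`, `as_list` and `PAGE_POLICY` are assumptions of this example, and the prefix rule is a naming heuristic, not AWS's access-level classification.

```python
import json

# Read-style verb prefixes: a naming heuristic assumed here, not AWS's access levels.
READ_PREFIXES = ("List", "Get", "Describe")

# The policy from this page, embedded so the check runs offline.
PAGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "iam:ListUsers", "iam:ListRoles", "iam:ListPolicies",
      "iam:GetAccountPasswordPolicy", "iam:GenerateCredentialReport",
      "iam:GetCredentialReport", "ec2:DescribeInstances",
      "ec2:DescribeSecurityGroups", "s3:ListAllMyBuckets", "s3:GetBucketAcl",
      "s3:GetBucketPolicy", "cloudtrail:DescribeTrails",
      "cloudtrail:GetTrailStatus", "config:DescribeConfigRules",
      "config:DescribeComplianceByConfigRule", "guardduty:ListDetectors",
      "guardduty:ListFindings", "guardduty:GetFindings",
      "accessanalyzer:ListAnalyzers", "accessanalyzer:ListFindings"
    ],
    "Resource": "*"
  }]
}
""")

def as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def review_policy(policy):
    """Return (item, reason) pairs that need a human look before attaching."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant access
        if "NotAction" in stmt:
            findings.append(("NotAction", "allows everything except the listed actions"))
        for action in as_list(stmt.get("Action", [])):
            _, _, verb = action.partition(":")
            if "*" in action or "?" in action:
                findings.append((action, "wildcard may match write actions"))
            elif not verb.startswith(READ_PREFIXES):
                findings.append((action, "verb is not List/Get/Describe"))
    return findings

if __name__ == "__main__":
    print(*review_policy(PAGE_POLICY), sep="\n")
```

Run against the page's policy, only `iam:GenerateCredentialReport` is reported: it requests generation of the account credential report, and its name falls outside the prefix rule, so it is left for manual review.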