To read the resources in the AWS cloud account, Accurics needs appropriate permissions. Accurics recommends provisioning an IAM (Identity and Access Management) Role in the target AWS cloud account and configuring it so that Accurics can read the resources in that account.
To do so, follow the instructions below:
- Log in to the AWS web console with a user account that can create IAM Roles.
- Go to Identity and Access Management (IAM) > Roles.
- Click the Create Role button. Select Another AWS Account as the type of trusted entity, OR directly access this URL while logged in to the AWS Console.
- In the Account ID field, enter 336414800751 and click the Next: Permissions button. (This number may be different if you use a URL other than https://app.acccurics.com. Contact your Accurics representative as appropriate.)
- On the Attach permission policies page, search for ReadOnlyAccess and sort the resulting list in descending order by clicking the Policy name column header.
- Select the ReadOnlyAccess policy as shown in the picture above.
- Expand the Set permissions boundary section and make sure the Create role without a permission boundary option is selected.
- Click the Next: Tags button.
- On the Add tags (Optional) page, specify a tag key and value and click the Next: Review button.
- On the Review page, specify an appropriate role name and click the Create Role button.
The role is now ready. Go back to the roles list, search for and open the role created above, and note down the Role ARN value shown under the Summary section.
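Before handing over the Role ARN, it is worth confirming that the role trusts only the intended account and carries only ReadOnlyAccess. The following check is an added example, not Accurics code; it assumes input shaped like the `Role` object from `aws iam get-role` and the `AttachedPolicies` list from `aws iam list-attached-role-policies`, and the sample roles, role names and account 111122223333 are constructed placeholders.

```python
EXPECTED_ACCOUNT = "336414800751"  # Account ID from the steps above
READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"  # AWS managed policy
ALLOWED_PRINCIPALS = {EXPECTED_ACCOUNT, f"arn:aws:iam::{EXPECTED_ACCOUNT}:root"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def trusted_principals(trust_policy):
    """Collect every principal that an Allow statement lets call sts:AssumeRole."""
    found = set()
    for stmt in as_list(trust_policy.get("Statement", [])):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & actions:
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # the form "Principal": "*"
            found.add(principal)
            continue
        for kind, values in principal.items():
            found.update(v if kind == "AWS" else f"{kind}:{v}" for v in as_list(values))
    return found

def audit_role(role, attached_policies):
    """Return findings; an empty list means the role matches the steps above."""
    findings = []
    principals = trusted_principals(role["AssumeRolePolicyDocument"])
    if not principals & ALLOWED_PRINCIPALS:
        findings.append(f"account {EXPECTED_ACCOUNT} is not trusted")
    for extra in sorted(principals - ALLOWED_PRINCIPALS):
        findings.append(f"unexpected trusted principal: {extra}")
    arns = {p["PolicyArn"] for p in attached_policies}
    if READ_ONLY_ARN not in arns:
        findings.append("ReadOnlyAccess is not attached")
    for extra in sorted(arns - {READ_ONLY_ARN}):
        findings.append(f"additional policy attached: {extra}")
    if "PermissionsBoundary" in role:  # the steps create the role without one
        findings.append("permissions boundary is set")
    return findings

# Constructed sample data: one role built as described, one misconfigured.
GOOD_ROLE = {"RoleName": "accurics-readonly", "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::336414800751:root"}}]}}
GOOD_POLICIES = [{"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN}]
BAD_ROLE = {"RoleName": "accurics-wide", "AssumeRolePolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}}
BAD_POLICIES = [{"PolicyName": "AdministratorAccess",
                 "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]
if __name__ == "__main__":
    print(audit_role(GOOD_ROLE, GOOD_POLICIES), *audit_role(BAD_ROLE, BAD_POLICIES), sep="\n")
```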