scoutINSPECT - Pipelines: AWS
Written by Benjamin Dewey
Updated over a week ago

To integrate AWS with scoutINSPECT, follow these steps:

1. Navigate to Pipelines, then under Inputs, click on Amazon Web Services (AWS) (the label will show as Not Configured).

2. On the next page, begin the configuration process if you have your AWS Activation Key ID (IAM access key) and your AWS Secret Access Key ID (IAM secret key).



3. Next, enter a Description of the IAM user.

4. When you are finished, click Save.

5. The system will check that you have the correct JSON Access Policies. You will receive a message if setup was successful. (For more on JSON Access Policies see below).


The Configuration page will display information that will guide you through obtaining credentials, adding a user, and assigning its role.


Note: scoutINSPECT only requires a read-only user to access and enumerate resources in your environment. It does not and will not ask for additional access to make modifications to your AWS environment.


JSON Access Policies

scoutINSPECT only requires that it be allowed to use the list and get functionality in JSON policies. It does not require any create or delete functionality in any policy.


The necessary policies for scoutINSPECT are:

``s3:Get*, s3:List*, ec2:Describe*, lambda:Get*, lambda:List*, apigateway:Get*``

.. code-block:: json

   {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Effect": "Allow",
         "Action": [
           "s3:Get*",
           "s3:List*",
           "ec2:Describe*",
           "lambda:Get*",
           "lambda:List*",
           "iam:Get*",
           "iam:List*",
           "apigateway:GET"
         ],
         "Resource": "*"
       }
     ]
   }
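
An added example, not part of the original article and not scoutINSPECT's own validation: a local pre-check that compares a policy document against the actions in the JSON policy above and flags any allowed action that is not a Get, List or Describe call. The function names and the sample policy are assumptions constructed for illustration; Deny statements, Resource scoping and Condition blocks are not modelled.

```python
import json
from fnmatch import fnmatchcase

# Actions from the policy shown on this page, lowercased (IAM action names are case-insensitive).
REQUIRED = ["s3:get*", "s3:list*", "ec2:describe*", "lambda:get*",
            "lambda:list*", "iam:get*", "iam:list*", "apigateway:get"]
READ_PREFIXES = ("get", "list", "describe")

def _listify(value):
    # IAM allows a single statement or action where a list is expected.
    return [value] if isinstance(value, (str, dict)) else list(value)

def _covers(granted, required):
    # Heuristic: turn the required pattern into one concrete probe name
    # and test the granted pattern against it.
    return fnmatchcase(required.replace("*", "probe"), granted)

def _is_read_only(action):
    _service, _, name = action.partition(":")
    return bool(name) and name.startswith(READ_PREFIXES)

def audit_policy(policy_json):
    """Return (missing, excessive) for the Allow statements of an IAM policy document."""
    allowed = []
    for stmt in _listify(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not modelled here
        if "NotAction" in stmt:
            allowed.append("*")  # Allow + NotAction grants nearly everything
        allowed += [a.lower() for a in _listify(stmt.get("Action", []))]
    missing = [r for r in REQUIRED if not any(_covers(a, r) for a in allowed)]
    excessive = [a for a in allowed if not _is_read_only(a)]
    return missing, excessive

# Constructed sample: broader than the page's policy and missing some of its actions.
SAMPLE_TOO_BROAD = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["s3:*", "ec2:Describe*",
                              "ec2:TerminateInstances", "iam:List*"]}],
})

if __name__ == "__main__":
    missing, excessive = audit_policy(SAMPLE_TOO_BROAD)
    print("missing:", missing)
    print("excessive:", excessive)
```

An empty ``excessive`` list means every allowed action is a Get, List or Describe call; an empty ``missing`` list means every action in the policy above is covered.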

