Integrating AWS with the Delinea Platform (PCCE)

Integrating AWS with the Delinea Platform enables Privilege Control for Cloud Entitlements (PCCE) so you can discover identities, groups, and assets on your AWS account.

AWS can be integrated for specific accounts or an entire organization, and your integration can also include the IAM Identity Center.

The integration operates by utilizing an assumed role on AWS, as per the following:

• The platform generates a role on AWS for initial integration and ongoing use.

• The platform randomly generates a unique ExternalID for each customer (as recommended by AWS).

• To make the connection more secure, the platform supplies the AWS role with a unique ExternalID

• All the integrations use assumed role-based integration.

You can integrate AWS in the following ways:

• Integrating Individual AWS Accounts (via CloudFormation)

  • Create a role for each account

  • Allow a platform user to access the role.

• Integrating Multiple AWS Accounts (via CloudFormation StackSets)

  • Create a role and assign it to all your accounts.

  • Allow a platform user to access the role.

• Integrating Individual AWS Accounts via Third-Party Tools

  • Create roles to integrate with the platform.

• Integrating AWS Identity Center with the Delinea Platform (PCCE)

  • This can be done as part of the CloudFormation integrations.