Configuration
AWS Configuration
In AWS, create a role with the following settings:
- Role name: AuthomizeCrossAccountTrustRole
- Role policy: arn:aws:iam::aws:policy/SecurityAudit
- Role trust policy (replace enter_unique_value with a unique external ID of your own):
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::291883359082:user/AuthomizeCustomerRoleAssumer"
        },
        "Action": "sts:AssumeRole",
        "Condition": {
          "StringEquals": {
            "sts:ExternalId": "enter_unique_value"
          }
        }
      }
    ]
  }
If you are installing this role on the management account and also want to integrate AWS Identity Center, attach the following policies to the role in addition to the SecurityAudit policy:
- arn:aws:iam::aws:policy/AWSSSOReadOnly
- arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly
If you use a different role name, you must enter that name in the integration dialog.
Do not change the trust policy principal: the role must be assumable only by the AuthomizeCustomerRoleAssumer user shown above, and only with your external ID.
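Before saving the role, it is worth checking that the trust policy you pasted still has the documented shape. The following Python snippet is an added example, not part of this documentation or of the Delinea Platform; it validates a trust policy document against the settings above (single Allow statement, the documented principal, only sts:AssumeRole, and an sts:ExternalId that is no longer the placeholder). The sample policies and the external ID value are constructed for the example.

```python
"""Check an AuthomizeCrossAccountTrustRole trust policy against the documented settings."""
import json

# Values taken from the documented trust policy above.
EXPECTED_PRINCIPAL = "arn:aws:iam::291883359082:user/AuthomizeCustomerRoleAssumer"
PLACEHOLDER_EXTERNAL_ID = "enter_unique_value"

# Constructed sample: the documented policy with the placeholder still in place.
TRUST_POLICY_TEMPLATE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": EXPECTED_PRINCIPAL},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": PLACEHOLDER_EXTERNAL_ID}},
    }],
}


def trust_policy_with_external_id(external_id: str) -> dict:
    """Return a deep copy of the documented trust policy with the external ID filled in."""
    policy = json.loads(json.dumps(TRUST_POLICY_TEMPLATE))
    policy["Statement"][0]["Condition"]["StringEquals"]["sts:ExternalId"] = external_id
    return policy


def check_trust_policy(policy: dict) -> list[str]:
    """Return the problems found; an empty list means the policy matches the documented shape."""
    problems = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    allow = [s for s in statements if s.get("Effect") == "Allow"]
    if len(allow) != 1:
        return [f"expected exactly one Allow statement, found {len(allow)}"]
    stmt = allow[0]
    principal = stmt.get("Principal", {})
    aws_principal = principal.get("AWS") if isinstance(principal, dict) else principal
    if aws_principal != EXPECTED_PRINCIPAL:  # catches "*" and any other account or user
        problems.append(f"principal must be {EXPECTED_PRINCIPAL}, found {aws_principal!r}")
    actions = stmt.get("Action", [])
    actions = [actions] if isinstance(actions, str) else actions
    if actions != ["sts:AssumeRole"]:
        problems.append(f"action must be exactly sts:AssumeRole, found {actions}")
    external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
    if not external_id:
        problems.append("missing sts:ExternalId condition (confused-deputy protection)")
    elif external_id.startswith(PLACEHOLDER_EXTERNAL_ID):
        problems.append(f"sts:ExternalId still holds the placeholder: {external_id!r}")
    return problems


if __name__ == "__main__":
    print(check_trust_policy(TRUST_POLICY_TEMPLATE))           # placeholder still present
    print(check_trust_policy(trust_policy_with_external_id("c0ffee-example-id")))  # []
```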
Configuration in the Delinea Platform
To configure AWS in the Delinea Platform, follow this procedure:
- Log in to the Delinea Platform.
- Navigate to Discovery > Entitlement & Threat Sources.
- Go to Create and select the AWS option. The Integrate AWS dialog opens.
- In the Account Number field, enter the number of the AWS account in which you created the role above.
  If there are multiple account numbers, enter them in comma-delimited format.
- (Optional) To also integrate AWS Identity Center, enter the Management account number.
  If you include the Management account number, also add that number to the Account Number field (comma-delimited).
- Skip Assume Role.
- Leave the Regions field empty to retrieve data from all regions in your organization, or enter a comma-delimited list of regions.
  If you specify regions, data is retrieved only from the regions listed.
- (Optional) Enter a unique name for this integration.
  By default, the integration is named AWS.
- Scroll up to the top of the page and select Save.
The AWS option is displayed as a connected app. The synchronization process begins, and its status is shown when it completes.