Configuration

To integrate multiple AWS accounts from the same organization with the platform:

  1. Log in to AWS.

  2. Create an AWS StackSet, as described here.

    Most of the values and parameters are according to your organization's needs. Use the following values specifically for the platform integration StackSet:

  3. Set the StackSet parameters as follows:

     | Parameter | Value to use |
     | --- | --- |
     | Permissions | Optional configuration |
     | Template | Amazon S3 URL |
     | Amazon S3 URL | https://authomize-cloud-formation.s3.amazonaws.com/authomize_cloud_formation.json |
     | ExternalId | Copy this value from the Platform AWS Integration dialog. |
     | IncludeAWSIdentityCenter | If your organization uses AWS IAM Identity Center and you want to integrate it too, set the value to true. |
     | Configure StackSet options | Skip Step 3. |
     | Deployment regions | Enter one region. Do not install the platform CloudFormation in Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Europe (Milan), Middle East (UAE), or Middle East (Bahrain). |
     | Deployment options | For faster processing, select Parallel Region concurrency. |
  4. On the AWS CloudFormation > StackSets page, select the StackSet info tab and verify that the newly created StackSet has the status ACTIVE, which means it was created successfully.
  5. Select the Stack Instances tab.
  6. Copy the AWS account number of each stack instance from this tab; you will need these numbers in the next step.

  7. Complete the integration in the Delinea Platform:
    1. Navigate to Discovery > Entitlement & Threat Sources.
    2. Go to Create and select the AWS option. The Integrate AWS dialog opens.
    3. In the Account Number field, enter the account number you copied from the Stack Instances tab. If there are multiple account numbers, enter them in comma-delimited format.
    4. (Optional) To also integrate the AWS Identity Center, enter the Management account number. If you are including the Management account number, also add that number in the Account Number field (comma-delimited).

      The AWS IAM Identity Center does not have an associated option. To find entities related to it, filter by source app.

    5. Skip Assume Role.
    6. In the Regions field, either leave the field empty to retrieve data from all regions in your organization, or enter a comma-delimited list of regions. If you specify regions, data is retrieved only from the regions listed.
  8. (Optional) Enter a unique name for this integration.
  9. If you do not enter a name, the integration is named AWS by default.
  10. Select Save.
  11. The AWS option is displayed as a connected app. The synchronization process begins, and its status is shown when it completes.
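The two values this procedure asks you to assemble by hand, the single deployment region and the comma-delimited account list built from the Stack Instances tab, are easy to get wrong across many accounts. The following added example (not Delinea or Authomize code) checks them: it rejects the regions the table excludes (the region codes are my mapping of the region names on the page) and builds the Account Number value from data in the shape of boto3's `cloudformation.list_stack_instances()` response, using a constructed sample so it runs offline.

```python
import re

# Regions the page excludes; codes are my mapping of the names on the page.
UNSUPPORTED_REGIONS = {
    "af-south-1": "Africa (Cape Town)",
    "ap-east-1": "Asia Pacific (Hong Kong)",
    "ap-southeast-3": "Asia Pacific (Jakarta)",
    "eu-south-1": "Europe (Milan)",
    "me-central-1": "Middle East (UAE)",
    "me-south-1": "Middle East (Bahrain)",
}
ACCOUNT_RE = re.compile(r"^\d{12}$")  # AWS account IDs are 12 digits


def check_deployment_regions(regions):
    """Return the one region to deploy to, or raise with the reason."""
    if len(regions) != 1:
        raise ValueError("deploy the StackSet to exactly one region")
    region = regions[0]
    if region in UNSUPPORTED_REGIONS:
        raise ValueError(f"{UNSUPPORTED_REGIONS[region]} is not supported")
    return region


def collect_account_numbers(summaries, management_account=None):
    """Build the comma-delimited Account Number value from stack instances."""
    accounts = set()
    for inst in summaries:
        # Treat only CURRENT instances as ready; OUTDATED or INOPERABLE
        # instances are out of sync with the StackSet template; fix them first.
        if inst.get("Status") != "CURRENT":
            continue
        if not ACCOUNT_RE.match(inst["Account"]):
            raise ValueError(f"malformed account id: {inst['Account']!r}")
        accounts.add(inst["Account"])
    # When Identity Center is integrated, the management account must also
    # appear in the Account Number field (step 7.4 on the page).
    if management_account is not None:
        if not ACCOUNT_RE.match(management_account):
            raise ValueError("malformed management account id")
        accounts.add(management_account)
    return ",".join(sorted(accounts))


# Constructed sample in the shape of list_stack_instances()["Summaries"].
SAMPLE_SUMMARIES = [
    {"Account": "111111111111", "Region": "us-east-1", "Status": "CURRENT"},
    {"Account": "222222222222", "Region": "us-east-1", "Status": "CURRENT"},
    {"Account": "333333333333", "Region": "us-east-1", "Status": "OUTDATED"},
]
```

Run `collect_account_numbers(SAMPLE_SUMMARIES, "999999999999")` to get the string to paste into the Account Number field; against a live account, pass `boto3.client("cloudformation").list_stack_instances(StackSetName=...)["Summaries"]` instead of the sample.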