Configuration

To integrate multiple AWS accounts from the same organization with the platform:

  1. Log in to AWS.

  2. Create an AWS StackSet, as described here.

    Most of the values and parameters are according to your organization's needs. Use the following values specifically for the platform integration StackSet:

    3. Parameter Value to use
    Permissions Optional configuration
    Template Amazon S3 URL
    Amazon S3 URL https://authomize-cloud-formation.s3.amazonaws.com/authomize_cloud_formation.json
    ExternalId Copy this number from the Platform AWS Integration dialog.
    IncludeAWSIdentityCenter If your organization uses this and you want to integrate it, too, set the value to true.
    Configure StackSet options Skip Step 3.
    Deployment regions Enter one region. Do not install the platform CloudFormation in Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Europe (Milan), Middle East (UAE), or Midde East (Bahrain).
    Deployment options For faster processing, select Parallel Region concurrency.
  3. On the AWS CloudFormation > StackSets page, select the StackSet info tab and verify that the newly created StackSet status is active (was created successfully).
  4. Select the Stack Instances tab.

    5. The AWS Account number can be copied from here.

  5. Complete the integration in the Delinea Platform:
    1. Navigate to Discovery > Entitlement & Threat Sources.
    2. Go to Create and select the AWS option. The Integrate AWS dialog opens.
    3. In the Account Number field, add account numbers if you wish to focus on specific accounts, or leave empty to automatically list all active accounts under the organization. See Listing of Org Accounts for more details.

      4. If there are multiple account numbers, enter them in comma-delimited format.

    4. (Optional) To integrate AWS Identity Center or allow the system to automatically list organization account, the role must be installed on the management account and include AWS Identity Center permission.

      The AWS IAM Identity Center does not have an associated option. To find entities related to it, filter by source app.

    5. Skip Assume Role.
    6. In the Regions field, to retrieve data from all regions in your organization, leave it empty, or add a comma-delimited list of regions. If you specify regions, data will be retrieved only from those regions listed.
  6. (Optional) You can enter a unique name for this integration.
  7. By default, the integration will be named AWS.
  8. Select Save.
  9. The AWS option is displayed as a connected app. The synchronization process begins, and its status will be shown when it is completed.