Amazon Web Services (AWS) Setup Guide
Follow the steps below to connect, authorize, verify, and schedule collection. If you want help mapping exports to your environment, book a walkthrough.
Steps
Use these as a starting point, then verify collection inside Aurora.
1. Create a cross-account role with a trust policy allowing your AWS principal, and attach the AWS managed **SecurityAudit** and **AWSBackupReadOnlyAccess** policies.
2. Provide role_arn and external_id (and optionally a regions allowlist in the connection config).
3. Validate by calling STS AssumeRole and fetching the IAM account summary.
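The three steps above as an added Python example (not Aurora's own code): it builds a trust policy gated on `sts:ExternalId`, audits a trust policy for a wildcard principal or a missing external-ID condition, and performs the step 3 check. The function names, the principal ARN and the external ID are constructed for illustration, and `validate_connection` assumes boto3 is installed and caller credentials are configured.

```python
import json

def build_trust_policy(principal_arn, external_id):
    """Trust policy for the cross-account role: one named principal, gated on sts:ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def audit_trust_policy(policy):
    """Return findings for Allow statements that let AWS principals assume the role."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        equals = st.get("Condition", {}).get("StringEquals", {})
        if aws and not any(k.lower() == "sts:externalid" and v for k, v in equals.items()):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

def validate_connection(role_arn, external_id):
    """Step 3: assume the role with the external ID, then fetch the IAM account summary."""
    import boto3  # assumption: boto3 installed and caller credentials configured
    creds = boto3.client("sts").assume_role(
        RoleArn=role_arn, RoleSessionName="setup-check", ExternalId=external_id
    )["Credentials"]
    iam = boto3.client(
        "iam",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    return iam.get_account_summary()["SummaryMap"]

if __name__ == "__main__":
    # Constructed sample values: documentation account ID and a made-up external ID.
    policy = build_trust_policy("arn:aws:iam::111122223333:root", "example-external-id")
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy) or "trust policy OK")
```

An `AccessDenied` error from `validate_connection` usually points to a mismatch between the supplied external ID or principal and the role's trust policy.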
Credentials
The inputs Aurora needs to authorize and collect proof.
Permissions
Aurora requests only the minimum access needed for collection and checks.
Permissions depend on the selected collection mode and configured scope.