AWS account setup on UCM with Role and Permissions

1.png

 

 

2.png

 

 

Following are the steps to set up an AWS read-only access role with an ARN:

 

3.png

 

 

4.png

 

5.png

 

6.png

 

7.png

 

8.png

 

 

9.png

 

 

 

10.png

 

 

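The following IAM permissions are to be granted to the role for read-only access.

Note: the second statement applies to all resources ("Resource":"*"), and "s3:Get*" and "kinesis:Get*" cover reading object and stream contents (for example s3:GetObject), not only configuration metadata. The role's S3 read access is therefore not limited to the CloudTrail bucket named in the first statement. If the integration does not need data outside that bucket, these wildcards can be narrowed to the specific actions required. "Cloudtrail*" in the first statement is presumably a placeholder; replace it with the name of the bucket that holds your CloudTrail logs, matching its exact (lowercase) spelling, because the resource portion of an ARN is compared case-sensitively.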

 

{ 
   "Version":"2012-10-17",
   "Statement":[
      {
         "Action":[
            "S3:ListBucket",
            "S3:GetObject"
         ],
         "Effect":"Allow",
         "Resource":"arn:aws:s3:::Cloudtrail*"
      },
      {
         "Action":[
            "cloudwatch:Describe*",
            "cloudwatch:Get*",
            "cloudwatch:List*",
            "cloudsearch:Describe*",
            "cloudsearch:Get*",
            "cloudsearch:List*",
            "dynamodb:DescribeTable",
            "dynamodb:ListTables",
            "ec2:Describe*",
            "elasticache:Describe*",
            "elasticache:List*",
            "iam:List*",
            "iam:Get*",
            "redshift:Describe*",
            "rds:Describe*",
            "rds:ListTagsForResource",
            "swf:List*",
            "swf:Describe*",
            "cloudtrail:DescribeTrails",
            "cloudtrail:GetTrailStatus",
            "autoscaling:Describe*",
            "autoscaling:List*",
            "autoscaling:Get*",
            "elasticloadbalancing:Describe*",
            "s3:Get*",
            "s3:List*",
            "sqs:Get*",
            "sqs:List*",
            "route53:Get*",
            "route53:List*",
            "opsworks:Describe*",
            "opsworks:Get*",
            "elasticbeanstalk:List*",
            "elasticbeanstalk:Describe*",
            "cloudfront:List*",
            "cloudfront:Get*",
            "kinesis:Describe*",
            "kinesis:Get*",
            "kinesis:List*",
            "machinelearning:Describe*",
            "machinelearning:Get*",
            "elasticmapreduce:Describe*",
            "elasticmapreduce:List*",
            "sns:Get*",
            "sns:List*",
            "storagegateway:Describe*",
            "storagegateway:List*",
            "workspaces:Describe*"
         ],
         "Effect":"Allow",
         "Resource":"*"
      }
   ]
}

 

 

 

 

 

 
