AWS

Connect Teleskope to your AWS Accounts

Suggest Edits

Create Teleskope Role

Create a Teleskope role in each AWS account that you would like Teleskope to scan. This role will be assumed from the AWS Account where Teleskope is deployed.

Terraform

VariableDescriptionExample
origin_aws_account_id(Required) AWS Account ID where Teleskope is deployed."012345678912"
##################################################################
# The role Teleskope will assume to from the origin AWS account. #
##################################################################

resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeReadOnlyRole"
  path               = "/system/"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
    }
  }
}

resource "aws_iam_role_policy" "account_policy" {
  role       = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Updated 10 months ago

What’s Next

Connect and grant Teleskope access to AWS Data Stores