AWS
Connect Teleskope to your AWS Accounts
Requirements
For each AWS Account you'd like to enroll
Name | Description |
---|---|
Teleskope Role | Create an IAM role for Teleskope to assume using Terraform or on the AWS Console |
Create a Teleskope Role using Terraform
Variable | Description | Example |
---|---|---|
origin_aws_account_id | (Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with | "012345678912" |
##################################################################
# The role Teleskope will assume from the origin AWS account. #
##################################################################
resource "aws_iam_role" "teleskope" {
name = "TeleskopeRole"
path = "/system/"
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}
data "aws_iam_policy_document" "assume_role_policy" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "AWS"
identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
}
}
}
resource "aws_iam_role_policy" "account_policy" {
role = aws_iam_role.teleskope.id
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
],
"Resource": "*"
}
]
}
EOF
}
Create a Teleskope Role using the AWS Console
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
- In the navigation pane of the console, choose Roles and then choose Create role
- Choose Custom Trust Policy as the Trusted Entity Type
- Replace the custom trust policy with:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::{origin_aws_account_id}:root" }, "Action": "sts:AssumeRole" } ] }
Updated about 1 month ago