Permissions and security

We connect with your AWS account securely using the AWS Identity and Access Management (IAM) service. We require two policies:

  1. A permissions policy that defines what actions a trusted user can take (like listing EC2 instances and VPCs).
  2. A trust policy that adds Cased as a trusted user.

Connection instructions

1

Open your AWS Management Console

Navigate to the IAM service

2

Create a new permissions policy for Cased

  • Click on “Policies” in the left-hand navigation pane.
  • Click on the “Create policy” button.
  • Switch to the JSON editor instead of the visual editor.

After pasting the following JSON, click Next, name the policy CasedPolicy and give it a brief description, then click Create Policy. All actions listed are read-only.

CasedPolicy
{
  "Version": "2012-10-17",
  "Statement": [
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "autoscaling:Describe*",
            "cloudformation:Describe*",
            "cloudformation:ListStacks",
            "cloudfront:ListDistributions",
            "cloudtrail:DescribeTrails",
            "cloudtrail:GetTrail",
            "cloudtrail:GetTrailStatus",
            "cloudtrail:LookupEvents",
            "cloudwatch:GetMetricData",
            "cloudwatch:GetMetricStatistics",
            "cloudwatch:GetMetricWidgetImage",
            "cloudwatch:ListMetrics",
            "dynamodb:DescribeTable",
            "dynamodb:ListTables",
            "ec2:DescribeInstances",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSubnets",
            "ec2:DescribeVpcs",
            "ecs:DescribeClusters",
            "ecs:DescribeServices",
            "ecs:DescribeTaskDefinition",
            "ecs:DescribeTasks",
            "ecs:ListClusters",
            "ecs:ListServices",
            "ecs:ListTasks",
            "elasticache:Describe*",
            "elasticbeanstalk:DescribeEnvironments",
            "elasticloadbalancing:DescribeLoadBalancers",
            "iam:GetPolicy",
            "iam:GetPolicyVersion",
            "iam:GetRole",
            "iam:ListAttachedRolePolicies",
            "iam:ListPolicies",
            "iam:ListRoles",
            "iam:ListUsers",
            "kms:DescribeKey",
            "kms:ListKeys",
            "lambda:ListFunctions",
            "logs:DescribeLogStreams",
            "logs:DescribeLogGroups",
            "logs:GetLogEvents",
            "rds:DescribeDBInstances",
            "rds:DescribeDBSnapshots",
            "rds:DescribeEvents",
            "rds:ListTagsForResource",
            "s3:GetBucketLocation",
            "s3:ListAllMyBuckets",
            "s3:ListBucket",
            "sns:ListSubscriptions",
            "sns:ListTopics",
            "sqs:ListQueues"
        ],
        "Resource": "*"
    }
  ]
}
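
The following check is an added example, not part of Cased's documentation: it audits a permissions policy offline before you paste it, flagging any allowed action whose verb is not a read verb, plus wildcard and duplicate entries. The read-verb prefix list is a naming heuristic assumed here, and the sample policy is a constructed excerpt of the policy above with `s3:PutObject` added to show a finding.

```python
import json
from collections import Counter

# Verb prefixes treated as read-only. A naming heuristic (assumption), not
# AWS's authoritative access-level classification of each action.
READ_PREFIXES = ("describe", "get", "list", "lookup")

def audit_policy(policy_json):
    """Return non-read, wildcard and duplicate actions found in Allow statements."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):        # a lone statement may be a bare object
        statements = [statements]
    findings = {"non_read": [], "wildcards": [], "duplicates": []}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue                        # Deny statements grant nothing
        if "NotAction" in stmt:             # allows everything except the listed actions
            findings["non_read"].append("NotAction")
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):        # "Action" may be a single string
            actions = [actions]
        counts = Counter(a.lower() for a in actions)  # action names are case-insensitive
        findings["duplicates"] += sorted(a for a, n in counts.items() if n > 1)
        for action in actions:
            verb = action.partition(":")[2]
            if "*" in action or "?" in action:
                findings["wildcards"].append(action)
            # Only the literal text before the first wildcard is guaranteed to match.
            literal = verb.split("*")[0].split("?")[0].lower()
            if not literal.startswith(READ_PREFIXES):
                findings["non_read"].append(action)
    return findings

# Constructed sample: a few actions from the policy above, one repeated,
# plus s3:PutObject, which is NOT in the original policy.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["autoscaling:Describe*", "cloudtrail:GetTrailStatus",
               "cloudtrail:GetTrailStatus", "cloudtrail:LookupEvents",
               "s3:ListBucket", "s3:PutObject"],
    "Resource": "*"
  }]
}"""

if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE_POLICY), indent=2))
```

Wildcard entries such as `autoscaling:Describe*` pass the verb check but are still reported, since the set of actions they match can grow as the service adds new ones.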
3

Create a new IAM role

Click on “Roles” in the left-hand navigation pane, then click on the “Create role” button.

4

Attach Permissions Policy

  • Search by name for the permissions policy you created earlier.
  • Select this permissions policy (with the checkbox), and click “Next”.
  • Give the role a name (like “CasedRole”) and description, then click “Create role”.
5

Provide Role ARN (almost done!)

Once the role is created, it will appear in the list of roles in your IAM console.

Search for the newly created role name, and click on it to get a summary view of the role. You’ll see the Role ARN at the top of the Summary page. It’ll look something like this: arn:aws:iam::995840643156:role/CasedRole

Copy the Role ARN and enter it on the AWS Connections page of Cased, making sure to select the correct region as well.