Permissions and security

We connect with your AWS account securely using the AWS Identity and Access Management (IAM) service. We require two policies:

  1. A permissions policy that defines what actions a trusted user can take (like listing EC2 instances and VPCs).
  2. A trust policy that adds Cased as a trusted user.

Connection instructions

1. Open your AWS Management Console

Navigate to the IAM service

2. Create a new permissions policy for Cased

  • Click on Policies on the left-hand navigation pane
  • Click on the Create policy button.
  • Switch to JSON editor instead of visual.

Paste the following JSON, click Next, give the policy the name CasedPolicy and a brief description, then click Create Policy. All actions listed are read-only.

CasedPolicy
{
"Version": "2012-10-17",
"Statement": [
{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [
        "autoscaling:Describe*",
        "cloudformation:Describe*",
        "cloudformation:ListStacks",
        "cloudfront:ListDistributions",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrail",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:LookupEvents",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:GetMetricWidgetImage",
        "cloudwatch:ListMetrics",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ecs:DescribeClusters",
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:DescribeTasks",
        "ecs:ListClusters",
        "ecs:ListServices",
        "ecs:ListTasks",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:ListTagsForResource",
        "eks:ListClusters",
        "eks:DescribeCluster",
        "eks:ListNodegroups",
        "elasticache:Describe*",
        "elasticache:ListTagsForResource",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticloadbalancing:DescribeLoadBalancers",
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:GetRole",
        "iam:ListAttachedRolePolicies",
        "iam:ListPolicies",
        "iam:ListRoles",
        "iam:ListUsers",
        "kms:DescribeKey",
        "kms:ListKeys",
        "lambda:ListFunctions",
        "logs:DescribeLogStreams",
        "logs:DescribeLogGroups",
        "logs:GetLogEvents",
        "rds:DescribeDBInstances",
        "rds:DescribeDBSnapshots",
        "rds:DescribeEvents",
        "rds:ListTagsForResource",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:GetObject",
        "sns:ListSubscriptions",
        "sns:ListTopics",
        "sqs:ListQueues"
    ],
    "Resource": "*"
}
]
}

3. Create a new IAM role

Click on Roles in the left-hand navigation pane, then click on the Create role button.

4. Set Cased as Trusted Entity

In the Roles setup wizard, set AWS Account as the Trusted entity type. Then select Another AWS Account and enter 495860673956. Then hit Next.

5. Attach Permissions Policy

  • Search by name for the permissions policy you created earlier.
  • Select this permissions policy (with the checkbox), and click Next.
  • Give the role a name (like CasedRole) and description, then click Create role.

6. Provide Role ARN (almost done!)

Once the role is created, it will appear in the list of roles in your IAM console.

Search for the newly-created role name, and click on it to get a summary view of the role. You’ll see the Role ARN at the top of the Summary page. It’ll look something like this: arn:aws:iam::995840643156:role/CasedRole

Copy and then enter the Role ARN on the AWS Connections page of Cased, making sure to select the correct region as well.
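
To confirm the role matches what the steps above describe, the following added example (not Cased's code) audits the two IAM documents offline: it flags any allowed action that is not a read-style call and any trust-policy principal other than the account entered in step 4. The function names, the verb-prefix heuristic and the sample documents are assumptions made for this example.

```python
CASED_ACCOUNT_ID = "495860673956"  # account ID entered in step 4
# Assumption: a verb-prefix heuristic, not AWS's own access-level classification.
READ_VERBS = ("Describe", "List", "Get", "Lookup")

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def non_read_only_actions(policy):
    """Return Allow-ed actions whose API verb is not a read-style prefix."""
    flagged = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            _service, _, verb = action.partition(":")
            if not verb.startswith(READ_VERBS):  # also flags "*" and "s3:*"
                flagged.append(action)
    return flagged

def trust_policy_problems(trust, account_id=CASED_ACCOUNT_ID):
    """Return findings if anyone other than account_id may assume the role."""
    expected = {account_id, f"arn:aws:iam::{account_id}:root"}
    problems = []
    for stmt in _as_list(trust.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            problems.append(f"unscoped principal: {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or value not in expected:
                    problems.append(f"unexpected principal {kind}={value}")
        if _as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            problems.append(f"unexpected action: {stmt.get('Action')!r}")
    return problems

# Constructed samples: an excerpt of CasedPolicy and a trust policy for step 4.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["autoscaling:Describe*", "cloudtrail:LookupEvents",
               "ec2:DescribeInstances", "iam:ListRoles", "s3:GetObject"]}]}
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{CASED_ACCOUNT_ID}:root"}}]}
```

To audit the live role, export the documents with `aws iam get-policy-version` and `aws iam get-role`, load them with `json.load`, and pass them to the two functions; an empty list from each means nothing was flagged.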