AWS

Integration with AWS
To provide data tailored to your organization, we require limited, read-only access to information about your AWS infrastructure.
This is done securely using AWS's Identity and Access Management (IAM) with two policies: a permissions policy and a trust policy. The permissions policy defines what actions a trusted user can take (like listing EC2 instances and VPCs), and the trust policy adds Cased as a trusted user. We list all the permissions below in the policy statement.
  1. 1.
    Sign in to the AWS Management Console
  • Sign in to your AWS Management Console.
  • Navigate to the IAM service.
  1. 2.
    Create a new permissions policy for Cased
  • Click on "Policies" on the left-hand navigation pane
  • Click on the "Create policy" button.
  • Switch to JSON editor instead of visual.
  • Paste the following JSON, then click "Next" and give the policy a name (CasedPolicy) and description. Then click "Create policy".
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:ListStacks",
"cloudfront:ListDistributions",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrail",
"cloudtrail:GetTrailStatus",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTasks",
"elasticache:Describe*",
"elasticbeanstalk:DescribeEnvironments",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListPolicies",
"iam:ListRoles",
"iam:ListUsers",
"kms:DescribeKey",
"kms:ListKeys",
"lambda:ListFunctions",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:GetLogEvents",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sns:ListSubscriptions",
"sns:ListTopics",
"sqs:ListQueues"
],
"Resource": "*"
}
]
}
  1. 3.
    Create a new IAM Role
  • Click on "Roles" in the left-hand navigation pane, then click on the "Create role" button.
  1. 4.
    Specify Trusted Entity
  • On the "Create role" page, select "AWS Account", and then "Another AWS account" as the trusted entity type, and provide our AWS account ID: 495860673956. Click "Next."
  1. 5.
    Attach Permissions Policy
  • Now, search by name for the permissions policy you created earlier.
  • Select this permissions policy (with the checkbox), and click "Next"
  • Now, give the role a name (like "CasedRole") and description, then click "Create role".
  1. 6.
    Provide Role ARN
  • Almost done! Once the role is created, it will appear in the list of roles in your IAM console.
  • Search for the newly-created role name, and click on it to get a summary view of the role. You'll see the Role ARN at the top of the Summary page. It'll look something like this: arn:aws:iam::995840643156:role/CasedRole
  • Copy and then enter the Role ARN on the AWS Connections page of Cased, making sure to select the correct region as well.