AWS

Integration with AWS

To provide data tailored to your organization, we require limited, read-only access to information about your AWS infrastructure.

This is done securely using AWS's Identity and Access Management (IAM) with two policies: a permissions policy and a trust policy. The permissions policy defines what actions a trusted user can take (like listing EC2 instances and VPCs), and the trust policy adds Cased as a trusted user. We list all the permissions below in the policy statement.

  1. Sign in to the AWS Management Console

  • Sign in to your AWS Management Console.

  • Navigate to the IAM service.

  2. Create a new permissions policy for Cased

  • Click on "Policies" in the left-hand navigation pane.

  • Click on the "Create policy" button.

  • Switch to the JSON editor instead of the visual editor.

  • Paste the following JSON, then click "Next" and give the policy a name (CasedPolicy) and description. Then click "Create policy".

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "autoscaling:Describe*",
                "cloudformation:Describe*",
                "cloudformation:ListStacks",
                "cloudfront:ListDistributions",
                "cloudtrail:DescribeTrails",
                "cloudtrail:GetTrail",
                "cloudtrail:GetTrailStatus",
                "cloudtrail:LookupEvents",
                "cloudwatch:GetMetricData",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:GetMetricWidgetImage",
                "cloudwatch:ListMetrics",
                "cloudwatch:PutDashboard",
                "dynamodb:DescribeTable",
                "dynamodb:ListTables",
                "ec2:DescribeInstances",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ecs:DescribeClusters",
                "ecs:DescribeServices",
                "ecs:DescribeTaskDefinition",
                "ecs:DescribeTasks",
                "ecs:ListClusters",
                "ecs:ListServices",
                "ecs:ListTasks",
                "elasticache:Describe*",
                "elasticbeanstalk:DescribeEnvironments",
                "elasticloadbalancing:DescribeLoadBalancers",
                "iam:GetPolicy",
                "iam:GetPolicyVersion",
                "iam:GetRole",
                "iam:ListAttachedRolePolicies",
                "iam:ListPolicies",
                "iam:ListRoles",
                "iam:ListUsers",
                "kms:DescribeKey",
                "kms:ListKeys",
                "lambda:ListFunctions",
                "logs:DescribeLogStreams",
                "logs:DescribeLogGroups",
                "logs:GetLogEvents",
                "rds:DescribeDBInstances",
                "rds:DescribeDBSnapshots",
                "rds:DescribeEvents",
                "rds:ListTagsForResource",
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "sns:ListSubscriptions",
                "sns:ListTopics",
                "sqs:ListQueues"
            ],
            "Resource": "*"
        }
    ]
}

  3. Create a new IAM Role

  • Click on "Roles" in the left-hand navigation pane, then click on the "Create role" button.

  4. Specify Trusted Entity

  • On the "Create role" page, select "AWS Account", and then "Another AWS account" as the trusted entity type, and provide our AWS account ID: 495860673956. Click "Next."

  5. Attach Permissions Policy

  • Now, search by name for the permissions policy you created earlier.

  • Select this permissions policy (with the checkbox), and click "Next."

  • Now, give the role a name (like "CasedRole") and description, then click "Create role".

  6. Provide Role ARN

  • Almost done! Once the role is created, it will appear in the list of roles in your IAM console.

  • Search for the newly-created role name, and click on it to get a summary view of the role. You'll see the Role ARN at the top of the Summary page. It'll look something like this: arn:aws:iam::995840643156:role/CasedRole

  • Copy and then enter the Role ARN on the AWS Connections page of Cased, making sure to select the correct region as well.
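
A check you can run on the permissions policy before creating it, as an added example (not Cased's code): it reports every allowed action whose name does not start with a read verb, and every wildcard action. The read-verb list is a naming heuristic assumed here; the actions are copied from the policy above.

```python
import json

# Read-only verb prefixes: a naming heuristic assumed here, not an AWS rule.
READ_VERBS = ("describe", "get", "list", "lookup")

# Actions copied from the permissions policy on this page (duplicates dropped).
ACTIONS = """
autoscaling:Describe* cloudformation:Describe* cloudformation:ListStacks
cloudfront:ListDistributions cloudtrail:DescribeTrails cloudtrail:GetTrail
cloudtrail:GetTrailStatus cloudtrail:LookupEvents cloudwatch:GetMetricData
cloudwatch:GetMetricStatistics cloudwatch:GetMetricWidgetImage
cloudwatch:ListMetrics cloudwatch:PutDashboard dynamodb:DescribeTable
dynamodb:ListTables ec2:DescribeInstances ec2:DescribeNetworkInterfaces
ec2:DescribeSecurityGroups ec2:DescribeSubnets ec2:DescribeVpcs
ecs:DescribeClusters ecs:DescribeServices ecs:DescribeTaskDefinition
ecs:DescribeTasks ecs:ListClusters ecs:ListServices ecs:ListTasks
elasticache:Describe* elasticbeanstalk:DescribeEnvironments
elasticloadbalancing:DescribeLoadBalancers iam:GetPolicy iam:GetPolicyVersion
iam:GetRole iam:ListAttachedRolePolicies iam:ListPolicies iam:ListRoles
iam:ListUsers kms:DescribeKey kms:ListKeys lambda:ListFunctions
logs:DescribeLogStreams logs:DescribeLogGroups logs:GetLogEvents
rds:DescribeDBInstances rds:DescribeDBSnapshots rds:DescribeEvents
rds:ListTagsForResource s3:GetBucketLocation s3:ListAllMyBuckets s3:ListBucket
sns:ListSubscriptions sns:ListTopics sqs:ListQueues
""".split()
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTIONS, "Resource": "*"}]})


def as_list(value):
    """IAM accepts a single string or object where a list is allowed."""
    return value if isinstance(value, list) else [value]


def audit(policy_json):
    """Return (non_read, wildcards) for the policy's Allow statements."""
    non_read, wildcards = [], []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            non_read.append("NotAction")
        for action in as_list(stmt.get("Action", [])):
            verb = action.partition(":")[2].lower()  # action names ignore case
            if "*" in action:
                wildcards.append(action)  # expands to every matching action
            if not verb.startswith(READ_VERBS):
                non_read.append(action)
    return non_read, wildcards
```

Run against the policy above, `audit(POLICY)` returns `cloudwatch:PutDashboard` as the one action whose name is not a read verb, along with the three `Describe*` wildcards.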
