AWS
Requirements
For each AWS Account you'd like to enroll
Teleskope Role
Create an IAM role for Teleskope to assume using Terraform or on the AWS Console
Create a Teleskope Role using Terraform
origin_aws_account_id
(Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with
"012345678912"
##################################################################
# The role Teleskope will assume from the origin AWS account. #
##################################################################
resource "aws_iam_role" "teleskope" {
name = "TeleskopeRole"
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}
data "aws_iam_policy_document" "assume_role_policy" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "AWS"
identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
}
}
}
resource "aws_iam_role_policy" "account_policy" {
role = aws_iam_role.teleskope.id
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups"
],
"Resource": "*"
}
]
}
EOF
}
Create a Teleskope Role using the AWS Console
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
In the navigation pane of the console, choose Roles and then choose Create role
Choose Custom Trust Policy as the Trusted Entity Type
Replace the custom trust policy with:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::{origin_aws_account_id}:root" }, "Action": "sts:AssumeRole" } ] }
Create a custom inline policy with:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeRegions", "ec2:DescribeSecurityGroups" ], "Resource": "*" } ] }
Enrollment
In Teleskope, enroll the AWS account:
Provide the AWS Account ID
Provide a name for your AWS Account
Provide the previously created role name exactly as it appears
Last updated
Was this helpful?