LogoLogo
  • Getting Started
    • Welcome to Teleskope.ai
    • Your Journey with Teleskope
  • The Platform
    • Data Catalog
    • Data Subject Rights
      • Integrations
      • Enroll Third Party Integrations
        • Amplitude
        • Google Analytics
      • Enroll Structured Databases
      • Deletion Methods
    • Policy Maker
    • Issues
    • API Service
      • Scanning API
        • v1/classify
        • v1/classifyCollection
        • v1/scan
      • Redaction API
        • v1/scrub
      • Data Subject Rights
        • GET v1/dsr/requests
        • POST v1/dsr/requests
      • Metadata
        • v1/aws/rds
        • v1/aws/s3
        • v1/snowflake
        • v1/snowflake/users
        • v1/gcp/bigquery
        • v1/gcp/cloudstorage
        • v1/gcp/cloudsql
  • Setup
    • Deployment
    • Role Based Access Control
    • SSO
      • Okta
      • Microsoft Entra
      • Google Auth
  • Specifications
    • Data Store Coverage
    • Compliance Frameworks
    • Redaction Methodologies
    • Data Elements
  • Connectors
    • AWS
      • Athena
      • RDS
      • DynamoDB
      • Redshift
      • S3
      • SNS
      • SQS
    • GCP
      • Cloud Storage
      • Grant Teleskope Access to BigQuery
      • CloudSQL
      • Grant Teleskope Access to CloudLogging
    • SaaS
      • Github
      • Google Drive
      • Jira
      • Segment
      • Zendesk
      • DropBox
      • Box
      • Bitbucket
      • Slack
      • Sharepoint Online
    • Snowflake
    • Azure
      • Azure SQL
      • Azure Database
      • Blob Storage
      • CosmosDB
      • Synapse
    • Databricks
  • DSR
  • Alerting Integrations
    • Slack
    • Tines
Powered by GitBook
On this page
  • Requirements
  • Create a Teleskope Role using Terraform
  • Create a Teleskope Role using the AWS Console

Was this helpful?

  1. Connectors

AWS

Requirements

For each AWS Account you'd like to enroll

Name
Description

Teleskope Role

Create a Teleskope Role using Terraform

Variable
Description
Example

origin_aws_account_id

(Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with

"012345678912"

##################################################################
# The role Teleskope will assume from the origin AWS account. #
##################################################################

resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeRole"
  path               = "/system/"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
    }
  }
}

resource "aws_iam_role_policy" "account_policy" {
  role       = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Create a Teleskope Role using the AWS Console

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/

  2. In the navigation pane of the console, choose Roles and then choose Create role

  3. Choose Custom Trust Policy as the Trusted Entity Type

  4. Replace the custom trust policy with:

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{origin_aws_account_id}:root"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
PreviousData ElementsNextAthena

Last updated 5 months ago

Was this helpful?

Create an IAM role for Teleskope to assume using or on the

Terraform
AWS Console