AWS

Requirements

For each AWS Account you'd like to enroll

Name

Description

Teleskope Role

Create a Teleskope Role using Terraform

Variable

Description

Example

origin_aws_account_id

(Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with

"012345678912"

##################################################################
# The role Teleskope will assume from the origin AWS account. #
##################################################################

resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeRole"
  path               = "/system/"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
    }
  }
}

resource "aws_iam_role_policy" "account_policy" {
  role       = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Create a Teleskope Role using the AWS Console

In the navigation pane of the console, choose Roles and then choose Create role
Choose Custom Trust Policy as the Trusted Entity Type

Replace the custom trust policy with:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{origin_aws_account_id}:root"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Enrollment

In Teleskope, enroll the AWS account:

Provide the AWS Account ID
Provide a name for your AWS Account
Provide the previously created role name exactly as it appears

If an IAM Role Path is used (as in this example), it must be supplied in the UI:

system/TeleskopeRole

PreviousData Elements NextAthena

Last updated 1 hour ago

Was this helpful?

Requirements

For each AWS Account you'd like to enroll

Name

Description

Teleskope Role

Create an IAM role for Teleskope to assume using or on the

Create a Teleskope Role using Terraform

Variable

Description

Example

origin_aws_account_id

(Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with

"012345678912"

##################################################################
# The role Teleskope will assume from the origin AWS account. #
##################################################################

resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeRole"
  path               = "/system/"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
    }
  }
}

resource "aws_iam_role_policy" "account_policy" {
  role       = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Create a Teleskope Role using the AWS Console

In the navigation pane of the console, choose Roles and then choose Create role

Choose Custom Trust Policy as the Trusted Entity Type

Replace the custom trust policy with:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{origin_aws_account_id}:root"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}