# AWS

## Requirements

For each AWS Account you'd like to enroll

| Name           | Description                                                                                                                                                                    |
| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Teleskope Role | Create an IAM role for Teleskope to assume using [Terraform](#create-a-teleskope-role-using-terraform) or on the [AWS Console](#create-a-teleskope-role-using-the-aws-console) |

### Create a Teleskope Role using Terraform

| Variable                 | Description                                                                                         | Example        |
| ------------------------ | --------------------------------------------------------------------------------------------------- | -------------- |
| origin\_aws\_account\_id | (Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with | "012345678912" |

```
##################################################################
# The role Teleskope will assume from the origin AWS account. #
##################################################################

resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeRole"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
    }
  }
}

resource "aws_iam_role_policy" "account_policy" {
  role   = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}
```

### Create a Teleskope Role using the AWS Console

1. Sign in to the AWS Management Console and open the IAM console at <https://console.aws.amazon.com/iam/>
2. In the navigation pane of the console, choose Roles and then choose Create role
3. Choose Custom Trust Policy as the Trusted Entity Type
4. Replace the custom trust policy with:

   ```json
   {    
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam::{origin_aws_account_id}:root"
               },
               "Action": "sts:AssumeRole"
           }
       ]
   }
   ```
5. Create a custom inline policy with:

   ```json
   {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Effect": "Allow",
         "Action": [
           "ec2:DescribeRegions",
           "ec2:DescribeSecurityGroups"
         ],
         "Resource": "*"
       }
     ]
   }
   ```

## Enrollment

In Teleskope, enroll the AWS account:

1. Provide the AWS Account ID
2. Provide a name for your AWS Account
3. Provide the previously created role name exactly as it appears


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.teleskope.ai/connectors/aws.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.