AWS
Requirements
For each AWS Account you'd like to enroll
Teleskope Role
Create an IAM role for Teleskope to assume, using either Terraform or the AWS Console
Create a Teleskope Role using Terraform
origin_aws_account_id (Required): AWS Account ID where Teleskope is deployed. The Teleskope team will provide this value. Example: "012345678912"
# Account ID of the AWS account where Teleskope is deployed (see above).
# Declared as a string so a leading zero is preserved.
variable "origin_aws_account_id" {
  type = string
}

##################################################################
# The role Teleskope will assume from the origin AWS account.    #
##################################################################
resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeRole"
  path               = "/system/"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

# Trust policy: only the origin account may call sts:AssumeRole on this role.
data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.origin_aws_account_id}:root"]
    }
  }
}

# Permissions the role grants to Teleskope in this account.
resource "aws_iam_role_policy" "account_policy" {
  role   = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}
Create a Teleskope Role using the AWS Console
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
In the navigation pane of the console, choose Roles and then choose Create role
Choose Custom Trust Policy as the Trusted Entity Type
Replace the custom trust policy with:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::{origin_aws_account_id}:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Enrollment
In Teleskope, enroll the AWS account:
Provide the AWS Account ID
Provide a name for your AWS Account
Provide the previously created role name exactly as it appears
If an IAM Role Path is used (as in this example), it must be supplied in the UI:
system/TeleskopeRole
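To confirm that the role's trust policy lets only the origin account call sts:AssumeRole, and to derive the path-qualified name the enrollment form expects, the following added example (not Teleskope's code) audits a trust policy document offline. The function names and both sample policies are constructed for illustration; in practice the JSON would be the AssumeRolePolicyDocument returned by `aws iam get-role`.

```python
import json

def _as_list(value):
    # IAM accepts either a single value or a list in most policy fields.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, origin_account_id):
    """Return findings for a role trust policy; an empty list means it only
    lets the origin account call sts:AssumeRole, as in the policy above."""
    # AWS accepts the account root ARN or the bare 12-digit account ID.
    expected = {f"arn:aws:iam::{origin_account_id}:root", origin_account_id}
    findings, origin_trusted = [], False
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot grant role assumption
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or a missing Principal
            findings.append(f"statement {i}: principal is {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "AWS" and value in expected:
                    origin_trusted = True
                else:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
        for action in _as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {action}")
    if not origin_trusted:
        findings.append("origin account is not trusted")
    return findings

def enrollment_role_name(path, name):
    """Path-qualified role name for the enrollment form (no leading slash)."""
    prefix = path.strip("/")
    return f"{prefix}/{name}" if prefix else name

# Constructed samples: the page's trust policy with its example account ID,
# and a variant that also trusts a second, made-up account and action.
ORIGIN = "012345678912"
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{ORIGIN}:root"}}]})
LOOSE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["sts:AssumeRole", "sts:TagSession"],
    "Principal": {"AWS": [f"arn:aws:iam::{ORIGIN}:root",
                          "arn:aws:iam::999999999999:root"]}}]})

if __name__ == "__main__":
    print(audit_trust_policy(PAGE_POLICY, ORIGIN))
    print(audit_trust_policy(LOOSE_POLICY, ORIGIN))
    print(enrollment_role_name("/system/", "TeleskopeRole"))
```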