AWS

Requirements

For each AWS Account you'd like to enroll

Name
Description

Teleskope Role

Create a Teleskope Role using Terraform

| Variable | Description | Example |
| --- | --- | --- |
| origin_aws_account_id | (Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with | "012345678912" |

##################################################################
# The role Teleskope will assume from the origin AWS account.    #
##################################################################

# AWS account ID where Teleskope is deployed (provided by the Teleskope team).
variable "origin_aws_account_id" {
  type = string
}

resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeRole"
  path               = "/system/"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

# Trust policy: the origin account (and the identities it authorizes) may assume the role.
data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.origin_aws_account_id}:root"]
    }
  }
}

# Inline permissions granted to the role.
resource "aws_iam_role_policy" "account_policy" {
  role   = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Create a Teleskope Role using the AWS Console

  1. In the navigation pane of the console, choose Roles and then choose Create role

  2. Choose Custom Trust Policy as the Trusted Entity Type

  3. Replace the custom trust policy with:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::{origin_aws_account_id}:root"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
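Before pasting the trust policy into the console, or after exporting it from an existing role, it can be checked against the account ID you were given. The following is an added example, not Teleskope's own code: the function name `audit_trust_policy` and the sample policy are constructed here, using the example account ID from the variable table.

```python
import json

def audit_trust_policy(policy_json: str, expected_account_id: str) -> list[str]:
    """Return findings for a role trust policy; an empty list means it matches."""
    try:
        policy = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]

    # IAM accepts the account root ARN or the bare 12-digit account ID.
    expected = {f"arn:aws:iam::{expected_account_id}:root", expected_account_id}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # IAM also accepts a single statement object
        statements = [statements]
    findings = [] if statements else ["policy has no statements"]

    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue                      # a Deny cannot widen who may assume the role
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if actions != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: unexpected actions {actions}")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):   # "*" or a missing Principal
            findings.append(f"statement {i}: principal must be an AWS account, got {principal!r}")
            continue
        for kind in sorted(set(principal) - {"AWS"}):
            findings.append(f"statement {i}: unexpected principal type {kind}")
        arns = principal.get("AWS", [])
        arns = [arns] if isinstance(arns, str) else arns
        for arn in arns:
            if arn not in expected:       # also catches an unreplaced placeholder
                findings.append(f"statement {i}: unexpected principal {arn}")
    return findings

# Constructed sample: the page's trust policy with the table's example account ID.
SAMPLE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::012345678912:root"},
    "Action": "sts:AssumeRole"
  }]
}"""

if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE, "012345678912") or ["trust policy OK"]:
        print(finding)
```
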
Last updated 6 months ago

Create an IAM role for Teleskope to assume using Terraform or on the AWS Console.

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/