AWS

Requirements

For each AWS Account you'd like to enroll

Name
Description

Teleskope Role

Create a Teleskope Role using Terraform

Variable
Description
Example

origin_aws_account_id

(Required) AWS Account ID where Teleskope is deployed that the Teleskope team will provide you with

"012345678912"

##################################################################
# The role Teleskope will assume from the origin AWS account. #
##################################################################

resource "aws_iam_role" "teleskope" {
  name               = "TeleskopeRole"
  path               = "/system/"
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}

data "aws_iam_policy_document" "assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::{origin_aws_account_id}:root"]
    }
  }
}

resource "aws_iam_role_policy" "account_policy" {
  role       = aws_iam_role.teleskope.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

Create a Teleskope Role using the AWS Console

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/

  2. In the navigation pane of the console, choose Roles and then choose Create role

  3. Choose Custom Trust Policy as the Trusted Entity Type

  4. Replace the custom trust policy with:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::{origin_aws_account_id}:root"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

Last updated