Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview


For Amazon Web Services (AWS), there are some steps to take prior to setting the connection within the ZenGRC application.

The video here also shows how you can create a policy and attach it to a user:

https://www.loom.com/share/5421cfa85d5e45edad5032dd8e549390

To set up an AWS account, complete the following steps:

  1. Create an IAM user with programmatic access:



  2. Create a new S3 bucket for use with ZenGRC. Setup the following CORS permissions for the bucket:

    Code Block
    languagexml
    <?xml version="1.0" encoding="UTF-8"?>
    
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    
    <CORSRule>
    
       <AllowedOrigin>https://<REPLACE_ME>.zengrc.com</AllowedOrigin>
    
       <AllowedMethod>POST</AllowedMethod>
    
       <AllowedMethod>GET</AllowedMethod>
    
       <MaxAgeSeconds>3000</MaxAgeSeconds>
    
       <ExposeHeader>ETag</ExposeHeader>
    
       <AllowedHeader>*</AllowedHeader>
    
    </CORSRule>
    
    </CORSConfiguration>


  3. Setup any additional options such as logging, server-side encryption, versioning as necessary.

  4. Create an IAM policy attached to the user created in Step 1 with the following policy JSON:

    Code Block
    {
    
       "Version": "2012-10-17",
    
       "Statement": [
    
           {
    
               "Sid": "1",
    
               "Effect": "Allow",
    
               "Action": [
    
                   "s3:ListBucketByTags",
    
                   "s3:ListBucketMultipartUploads",
    
                   "s3:GetObjectVersionTagging",
    
                   "s3:ListBucketVersions",
    
                   "s3:PutObjectVersionTagging",
    
                   "s3:ListBucket",
    
                   "s3:ListMultipartUploadParts",
    
                   "s3:PutObject",
    
                   "s3:GetObject",
    
                   "s3:GetBucketCORS",
    
                   "s3:GetObjectTagging",
    
                   "s3:PutObjectTagging",
    
                   "s3:GetBucketLocation",
    
                   "s3:GetObjectVersion",
    
                   "s3:DeleteObject"
    
               ],
    
               "Resource": [
    
                   "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME",
    
                   "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME/*"
    
               ]
    
           }
    
       ]
    
    }


  5. Create an AWS Access Key for the IAM user created in Step 1.