Overview


For Amazon Web Services (AWS), complete the following steps before setting up the connection within the ZenGRC application.

The video here also shows how you can create a policy and attach it to a user:

https://www.loom.com/share/5421cfa85d5e45edad5032dd8e549390

To set up an AWS account, complete the following steps:

  1. Create an IAM user with programmatic access:

  2. Create a new S3 bucket for use with ZenGRC. Set up the following CORS permissions for the bucket:

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
      <CORSRule>
        <AllowedOrigin>https://<REPLACE_ME>.zengrc.com</AllowedOrigin>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <ExposeHeader>ETag</ExposeHeader>
        <AllowedHeader>*</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>


  3. Set up any additional options, such as logging, server-side encryption, and versioning, as necessary.

  4. Create an IAM policy with the following JSON and attach it to the user created in Step 1:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "1",
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucketByTags",
                    "s3:ListBucketMultipartUploads",
                    "s3:GetObjectVersionTagging",
                    "s3:ListBucketVersions",
                    "s3:PutObjectVersionTagging",
                    "s3:ListBucket",
                    "s3:ListMultipartUploadParts",
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:GetBucketCORS",
                    "s3:GetObjectTagging",
                    "s3:PutObjectTagging",
                    "s3:GetBucketLocation",
                    "s3:GetObjectVersion",
                    "s3:DeleteObject"
                ],
                "Resource": [
                    "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME",
                    "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME/*"
                ]
            }
        ]
    }


  5. Create an AWS Access Key for the IAM user created in Step 1.
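
A pre-flight check for the documents in Steps 2 and 4, added here as an example and not part of the ZenGRC guide: it flags template placeholders that were never replaced, wildcard actions, resources outside the one bucket, and any CORS origin other than the expected tenant URL. The function names, the bucket name and the tenant host are assumptions made for the sample.

```python
import json
import xml.etree.ElementTree as ET

NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"  # namespace of the CORS XML

def as_list(value):  # IAM accepts a bare string or object in place of a list
    return value if isinstance(value, list) else [value]

def check_policy(policy_json, bucket):
    """Findings for an IAM policy that should only reach one bucket."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"policy: wildcard action {action}")
        for arn in as_list(stmt.get("Resource", [])):
            if "REPLACE_WITH_BUCKET_NAME" in arn:
                findings.append("policy: placeholder left in Resource")
            elif arn not in allowed:
                findings.append(f"policy: resource outside bucket: {arn}")
    return findings

def check_cors(cors_xml, origin):
    """Findings for an S3 CORS document that should allow one origin."""
    if "REPLACE_ME" in cors_xml:  # a literal <REPLACE_ME> also breaks XML parsing
        return ["cors: placeholder left in AllowedOrigin"]
    try:
        root = ET.fromstring(cors_xml)
    except ET.ParseError as exc:
        return [f"cors: not well-formed XML ({exc})"]
    found = [(el.text or "").strip() for el in root.iter(NS + "AllowedOrigin")]
    findings = [f"cors: unexpected origin {o}" for o in found if o != origin]
    if not found:
        findings.append("cors: no AllowedOrigin element")
    return findings

# Constructed sample values: the bucket name and tenant host are placeholders.
BUCKET, ORIGIN = "example-zengrc-bucket", "https://example.zengrc.com"
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "1", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]})
CORS = ('<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule>'
        f"<AllowedOrigin>{ORIGIN}</AllowedOrigin></CORSRule></CORSConfiguration>")

if __name__ == "__main__":
    print(check_policy(POLICY, BUCKET) + check_cors(CORS, ORIGIN))
```

An empty list means both documents are scoped to the one bucket and the one origin; each string in a non-empty list names the statement element to fix before the access key in Step 5 is issued.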