
Overview


Before the AWS connection can be configured inside the ZenGRC application, a few things have to be prepared in your Amazon Web Services (AWS) account.

This video also shows how to create a policy and attach it to a user:

https://www.loom.com/share/5421cfa85d5e45edad5032dd8e549390




To set up an AWS account, complete the following steps:

  1. Create an IAM user with programmatic access.



  2. Create a new S3 bucket for use with ZenGRC. Set up the following CORS configuration on the bucket, replacing <REPLACE_ME> with your ZenGRC subdomain so that only your own ZenGRC origin is allowed:

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
      <CORSRule>
        <AllowedOrigin>https://<REPLACE_ME>.zengrc.com</AllowedOrigin>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <ExposeHeader>ETag</ExposeHeader>
        <AllowedHeader>*</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>
  3. Set up any additional bucket options, such as access logging, server-side encryption and versioning, as required.

  4. Create an IAM policy with the following policy JSON and attach it to the user created in Step 1. Replace REPLACE_WITH_BUCKET_NAME with the name of the bucket from Step 2 so that the permissions are limited to that one bucket:

    {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "1",
               "Effect": "Allow",
               "Action": [
                   "s3:ListBucketByTags",
                   "s3:ListBucketMultipartUploads",
                   "s3:GetObjectVersionTagging",
                   "s3:ListBucketVersions",
                   "s3:PutObjectVersionTagging",
                   "s3:ListBucket",
                   "s3:ListMultipartUploadParts",
                   "s3:PutObject",
                   "s3:GetObject",
                   "s3:GetBucketCORS",
                   "s3:GetObjectTagging",
                   "s3:PutObjectTagging",
                   "s3:GetBucketLocation",
                   "s3:GetObjectVersion",
                   "s3:DeleteObject"
               ],
               "Resource": [
                   "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME",
                   "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME/*"
               ]
           }
       ]
    }
  5. Create an AWS Access Key for the IAM user created in Step 1.
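The following script is an added example and is not part of ZenGRC's own tooling. It renders the Step 2 CORS rule and the Step 4 policy for a given bucket name and ZenGRC subdomain (the values "zengrc-evidence" and "acme" below are constructed placeholders), then audits both documents before they are applied: it flags placeholders that were never replaced, wildcard actions, resources that reach beyond the one bucket, and any AllowedOrigin that is not your own HTTPS ZenGRC origin.

```python
import json
import xml.etree.ElementTree as ET

# Actions copied verbatim from the policy JSON in Step 4.
ZENGRC_S3_ACTIONS = [
    "s3:ListBucketByTags", "s3:ListBucketMultipartUploads",
    "s3:GetObjectVersionTagging", "s3:ListBucketVersions",
    "s3:PutObjectVersionTagging", "s3:ListBucket",
    "s3:ListMultipartUploadParts", "s3:PutObject", "s3:GetObject",
    "s3:GetBucketCORS", "s3:GetObjectTagging", "s3:PutObjectTagging",
    "s3:GetBucketLocation", "s3:GetObjectVersion", "s3:DeleteObject",
]
S3_NS = "http://s3.amazonaws.com/doc/2006-03-01/"

def build_policy(bucket: str) -> dict:
    """Step 4: policy scoped to exactly one bucket and the objects inside it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "1", "Effect": "Allow", "Action": ZENGRC_S3_ACTIONS,
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
    }]}

def build_cors_xml(tenant: str) -> str:
    """Step 2: CORS rule that allows only the tenant's own ZenGRC origin."""
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            f'<CORSConfiguration xmlns="{S3_NS}"><CORSRule>'
            f'<AllowedOrigin>https://{tenant}.zengrc.com</AllowedOrigin>'
            '<AllowedMethod>POST</AllowedMethod><AllowedMethod>GET</AllowedMethod>'
            '<MaxAgeSeconds>3000</MaxAgeSeconds><ExposeHeader>ETag</ExposeHeader>'
            '<AllowedHeader>*</AllowedHeader></CORSRule></CORSConfiguration>')

def audit(policy: dict, cors_xml: str, bucket: str) -> list:
    """Findings to fix before applying; an empty list means both documents are scoped as intended."""
    findings = []
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        findings += [f"wildcard action {a}" for a in actions if a == "*" or a.endswith(":*")]
        findings += [f"resource not scoped to {bucket}: {r}" for r in resources
                     if "REPLACE" in r or not r.startswith(f"arn:aws:s3:::{bucket}")]
    # Parse as bytes so the XML declaration is handled by the stdlib parser.
    for origin in ET.fromstring(cors_xml.encode()).iter(f"{{{S3_NS}}}AllowedOrigin"):
        text = origin.text or ""
        if "*" in text or "REPLACE" in text or not text.startswith("https://"):
            findings.append(f"placeholder or overly broad origin: {text}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_policy("zengrc-evidence"), indent=2))  # constructed bucket name
    print(build_cors_xml("acme"))                                  # constructed subdomain
    print(audit(build_policy("zengrc-evidence"), build_cors_xml("acme"), "zengrc-evidence"))
```

Run the audit against the documents as you have actually filled them in; the page's templates with their placeholders still in place are reported as findings rather than silently accepted.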
