

Overview


For Amazon Web Services (AWS), a few steps must be completed in the AWS account before the connection can be configured within the ZenGRC application.

To set up an AWS account, complete the following steps:

  1. Create an IAM user with programmatic access.

  2. Create a new S3 bucket for use with ZenGRC and set up the following CORS configuration on the bucket, replacing <REPLACE_ME> with your ZenGRC subdomain:

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
       <AllowedOrigin>https://<REPLACE_ME>.zengrc.com</AllowedOrigin>
       <AllowedMethod>POST</AllowedMethod>
       <AllowedMethod>GET</AllowedMethod>
       <MaxAgeSeconds>3000</MaxAgeSeconds>
       <ExposeHeader>ETag</ExposeHeader>
       <AllowedHeader>*</AllowedHeader>
    </CORSRule>
    </CORSConfiguration>
  3. Set up any additional bucket options, such as access logging, server-side encryption and versioning, as necessary.

  4. Create an IAM policy with the following policy JSON, replacing REPLACE_WITH_BUCKET_NAME with the name of the bucket created in Step 2, and attach it to the user created in Step 1:

    {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "1",
               "Effect": "Allow",
               "Action": [
                   "s3:ListBucketByTags",
                   "s3:ListBucketMultipartUploads",
                   "s3:GetObjectVersionTagging",
                   "s3:ListBucketVersions",
                   "s3:PutObjectVersionTagging",
                   "s3:ListBucket",
                   "s3:ListMultipartUploadParts",
                   "s3:PutObject",
                   "s3:GetObject",
                   "s3:GetBucketCORS",
                   "s3:GetObjectTagging",
                   "s3:PutObjectTagging",
                   "s3:GetBucketLocation",
                   "s3:GetObjectVersion",
                   "s3:DeleteObject"
               ],
               "Resource": [
                   "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME",
                   "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME/*"
               ]
           }
       ]
    }
  5. Create an AWS Access Key for the IAM user created in Step 1.
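The policy and CORS rule above are deliberately scoped to one bucket and one tenant origin. The following script, added here as an example and not part of the ZenGRC documentation, checks a policy document and a CORS configuration against that template and reports anything broader (wildcard actions, resources outside the bucket, origins other than the tenant's HTTPS host); the bucket name and tenant origin it uses are constructed placeholders.

```python
# Added example, not ZenGRC's code: least-privilege check for the bucket policy
# and CORS rule documented above. Bucket name and tenant origin are constructed.
import json
import xml.etree.ElementTree as ET

BUCKET = "example-zengrc-evidence"                   # constructed bucket name
TENANT_ORIGIN = "https://example-tenant.zengrc.com"  # constructed tenant origin
ALLOWED_RESOURCES = {f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"}
S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"
# Trimmed copy of the documented statement (a few of the listed actions).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "1", "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}
# The documented CORS rule with the constructed tenant origin filled in.
SAMPLE_CORS = f"""<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule><AllowedOrigin>{TENANT_ORIGIN}</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod><AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds><ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>*</AllowedHeader></CORSRule></CORSConfiguration>"""


def check_policy(policy) -> list:
    """Report Allow statements broader than the bucket-scoped template."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        for key in ("Action", "Resource"):
            values = stmt.get(key, [])
            for value in [values] if isinstance(values, str) else values:
                if key == "Action" and ("*" in value or not value.startswith("s3:")):
                    findings.append(f"overly broad action: {value}")
                if key == "Resource" and value not in ALLOWED_RESOURCES:
                    findings.append(f"resource outside bucket scope: {value}")
    return findings


def check_cors(cors_xml: str) -> list:
    """Report AllowedOrigin entries other than this tenant's HTTPS origin."""
    root = ET.fromstring(cors_xml.encode("utf-8"))
    return [f"unexpected origin: {o.text}"
            for o in root.iter(f"{S3_NS}AllowedOrigin") if o.text != TENANT_ORIGIN]
```

Run it against the policy JSON and CORS XML you actually applied; an empty list from both checks means the configuration matches the documented scope.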