Overview
For Amazon Web Services (AWS), there are some steps to take prior to setting the connection within the ZenGRC application.
To set up an AWS account, complete the following steps:
- Create an IAM user with programmatic access:
Create a new S3 bucket for use with ZenGRC. Setup the following CORS permissions for the bucket:
<?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <CORSRule> <AllowedOrigin>https://<REPLACE_ME>.zengrc.com</AllowedOrigin> <AllowedMethod>POST</AllowedMethod> <AllowedMethod>GET</AllowedMethod> <MaxAgeSeconds>3000</MaxAgeSeconds> <ExposeHeader>ETag</ExposeHeader> <AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration>
Setup any additional options such as logging, server-side encryption, versioning as necessary.
Create an IAM policy attached to the user created in Step 1 with the following policy JSON:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "1", "Effect": "Allow", "Action": [ "s3:ListBucketByTags", "s3:ListBucketMultipartUploads", "s3:GetObjectVersionTagging", "s3:ListBucketVersions", "s3:PutObjectVersionTagging", "s3:ListBucket", "s3:ListMultipartUploadParts", "s3:PutObject", "s3:GetObject", "s3:GetBucketCORS", "s3:GetObjectTagging", "s3:PutObjectTagging", "s3:GetBucketLocation", "s3:GetObjectVersion" ], "Resource": [ "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME", "arn:aws:s3:::REPLACE_WITH_BUCKET_NAME/*" ] } ] }Create an AWS Access Key for the IAM user created in Step 1.