IAM Setup Guide

Last updated 1 month ago

This guide walks you through setting up an IAM policy with read-only access to AWS services, and an IAM role or user with API access that can be used in the Blue Matador AWS integration. To set up the AWS integration, read this guide.

IAM Policy

1. Log in to the AWS Web Console and access the IAM dashboard via Services > IAM.

2. Select Policies from the left navigation and then click the Create Policy button.

3. Switch to the JSON tab of the policy editor and copy and paste the entire IAM policy below into the editor.

{
"Version": "2012-10-17",
"Statement": [
  {
    "Sid": "Statement1",
    "Effect": "Allow",
    "Action": [
        "rds:Describe*",
        "rds:List*",
        "ec2:Describe*",
        "ec2:List*",
        "elasticache:Describe*",
        "elasticache:List*",
        "sqs:List*",
        "dynamodb:Describe*",
        "dynamodb:List*",
        "autoscaling:Describe*",
        "eks:Describe*",
        "eks:List*",
        "ecs:Describe*",
        "ecs:List*",
        "lambda:List*",
        "ses:Describe*",
        "ses:List*",
        "ses:GetEmailIdentity",
        "kinesis:Describe*",
        "kinesis:List*",
        "cloudfront:Describe*",
        "cloudfront:List*",
        "cloudwatch:Describe*",
        "cloudwatch:List*",
        "elasticloadbalancing:Describe*",
        "apigateway:Get*",
        "kafka:List*",
        "mq:List*",
        "mq:Describe*",
        "dms:Describe*",
        "dms:List*",
        "redshift:DescribeClusters",
        "redshift:ListDatabases",
        "sns:List*",
        "es:List*",
        "es:Describe*",
        "appsync:ListResolvers",
        "appsync:ListGraphqlApis",
        "appsync:ListDataSources",
        "appsync:ListTypes",                
        "wafv2:ListWebACLs",
        "wafv2:ListRuleGroups",
        "wafv2:GetWebACL",
        "wafv2:GetRuleGroup",
        "waf-regional:ListRuleGroups",
        "waf-regional:ListWebACLs",
        "waf-regional:GetRuleGroup",
        "waf-regional:GetWebACL",
        "sns:SetTopicAttributes",
        "guardduty:ListDetectors",
        "guardduty:ListFindings",
        "guardduty:GetDetector",
        "guardduty:GetFindings",
        "events:ListRules",
        "events:ListEventBuses",
        "events:DescribeRule",
        "cloudtrail:LookupEvents"
    ],
    "Resource": "*"
  },
  {
    "Sid": "Statement2",
    "Effect": "Allow",
    "Action": [
        "cloudwatch:PutMetricAlarm",
        "cloudwatch:EnableAlarmActions",
        "cloudwatch:DisableAlarmActions",
        "sns:CreateTopic",
        "sns:Subscribe"
    ],
    "Resource": "*"
  },
  {
    "Sid": "PermissionsForEventBus",
    "Effect": "Allow",
    "Action": [
        "events:PutEvents",
        "events:PutRule",
        "events:PutTargets",
        "events:DisableRule",
        "events:EnableRule"
    ],
    "Resource": "*"
  }
  ]
}

4. Click the Review Policy button and enter a name and description for the policy. Then click the Create Policy button to create the policy.

5. Proceed to create a role or user with this policy (recommended: create a user named temperstack). For creating an IAM user, use the guide here.
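Before creating the policy in step 4, it helps to see which of its actions go beyond read access: Statement1 includes `sns:SetTopicAttributes`, and Statement2 and PermissionsForEventBus grant write actions, all on `"Resource": "*"`. The following is an added example, not Temperstack's own code: it lists every allowed action in a policy document that is not a Describe/List/Get/Lookup call, using an abridged copy of the policy above and a verb-prefix heuristic that is an assumption of this example.

```python
import json

# Abridged copy of the policy on this page (same Sids, a subset of the actions).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Statement1", "Effect": "Allow", "Resource": "*",
   "Action": ["ec2:Describe*", "rds:List*", "apigateway:Get*",
              "cloudtrail:LookupEvents", "sns:SetTopicAttributes"]},
  {"Sid": "Statement2", "Effect": "Allow", "Resource": "*",
   "Action": ["cloudwatch:PutMetricAlarm", "sns:CreateTopic", "sns:Subscribe"]},
  {"Sid": "PermissionsForEventBus", "Effect": "Allow", "Resource": "*",
   "Action": ["events:PutEvents", "events:PutRule", "events:DisableRule"]}
]}
""")

# Verb prefixes treated as read-only. This is a naming heuristic (an assumption
# of this example), not a lookup of AWS's published access levels.
READ_PREFIXES = ("describe", "list", "get", "lookup")

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def non_read_actions(policy):
    """Return (sid, action, unscoped) for each allowed action that is not a read."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            # "sns:CreateTopic" -> "createtopic"; a bare "*" yields "" and is flagged.
            verb = action.partition(":")[2].lower()
            if not verb.startswith(READ_PREFIXES):
                findings.append((stmt.get("Sid", "<no Sid>"), action, unscoped))
    return findings

if __name__ == "__main__":
    for sid, action, unscoped in non_read_actions(POLICY):
        scope = 'Resource "*"' if unscoped else "scoped resource"
        print(f"{sid}: {action} ({scope})")
```

To check the full policy, save the JSON from step 3 to a file and pass `json.load()` of that file to `non_read_actions()` in place of `POLICY`.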