Main Website Features Pricing Blog About us Request a Demo

IAM Setup Guide

Last updated 1 month ago

IAM Setup Guide

This guide will walk you through how to set up an IAM policy with read-only access to AWS services, and an IAM role or user with API access that can be used in the Blue Matador AWS integration. To set up the AWS integration, read guide.

IAM Policy

2. Select Policies from the left navigation and then click the Create Policy button.

3. Switch to the JSON tab of the policy editor and copy and paste the entire IAM policy below into the editor.

{
"Version": "2012-10-17",
"Statement": [
  {
    "Sid": "Statement1",
    "Effect": "Allow",
    "Action": [
        "rds:Describe*",
        "rds:List*",
        "ec2:Describe*",
        "ec2:List*",
        "elasticache:Describe*",
        "elasticache:List*",
        "sqs:List*",
        "dynamodb:Describe*",
        "dynamodb:List*",
        "autoscaling:Describe*",
        "eks:Describe*",
        "eks:List*",
        "ecs:Describe*",
        "ecs:List*",
        "lambda:List*",
        "ses:Describe*",
        "ses:List*",
        "ses:GetEmailIdentity",
        "kinesis:Describe*",
        "kinesis:List*",
        "cloudfront:Describe*",
        "cloudfront:List*",
        "cloudwatch:Describe*",
        "cloudwatch:List*",
        "elasticloadbalancing:Describe*",
        "apigateway:Get*",
        "kafka:List*",
        "mq:List*",
        "mq:Describe*",
        "dms:Describe*",
        "dms:List*",
        "redshift:DescribeClusters",
        "redshift:ListDatabases",
        "sns:List*",
        "es:List*",
        "es:Describe*",
        "appsync:ListResolvers",
        "appsync:ListGraphqlApis",
        "appsync:ListDataSources",
        "appsync:ListTypes",                
        "wafv2:ListWebACLs",
        "wafv2:ListRuleGroups",
        "wafv2:GetWebACL",
        "wafv2:GetRuleGroup",
        "waf-regional:ListRuleGroups",
        "waf-regional:ListWebACLs",
        "waf-regional:GetRuleGroup",
        "waf-regional:GetWebACL",
        "sns:SetTopicAttributes",
        "guardduty:ListDetectors",
        "guardduty:ListFindings",
        "guardduty:GetDetector",
        "guardduty:GetFindings",
        "events:ListRules",
        "events:ListEventBuses",
        "events:DescribeRule",
        "cloudtrail:LookupEvents"
    ],
    "Resource": "*"
  },
  {
    "Sid": "Statement2",
    "Effect": "Allow",
    "Action": [
        "cloudwatch:PutMetricAlarm",
        "cloudwatch:EnableAlarmActions",
        "cloudwatch:DisableAlarmActions",
        "sns:CreateTopic",
        "sns:Subscribe"
    ],
    "Resource": "*"
  },
  {
    "Sid": "PermissionsForEventBus",
    "Effect": "Allow",
    "Action": [
        "events:PutEvents",
        "events:PutRule",
        "events:PutTargets",
        "events:DisableRule",
        "events:EnableRule"
    ],
    "Resource": "*"
  }
  ]
}

4. Click the Review Policy button and enter a name and description for the policy. Then click the Create Policy button to create the policy.

Last updated 1 month ago

IAM Policy

2. Select Policies from the left navigation and then click the Create Policy button.

3. Switch to the JSON tab of the policy editor and copy and paste the entire IAM policy below into the editor.

{
"Version": "2012-10-17",
"Statement": [
  {
    "Sid": "Statement1",
    "Effect": "Allow",
    "Action": [
        "rds:Describe*",
        "rds:List*",
        "ec2:Describe*",
        "ec2:List*",
        "elasticache:Describe*",
        "elasticache:List*",
        "sqs:List*",
        "dynamodb:Describe*",
        "dynamodb:List*",
        "autoscaling:Describe*",
        "eks:Describe*",
        "eks:List*",
        "ecs:Describe*",
        "ecs:List*",
        "lambda:List*",
        "ses:Describe*",
        "ses:List*",
        "ses:GetEmailIdentity",
        "kinesis:Describe*",
        "kinesis:List*",
        "cloudfront:Describe*",
        "cloudfront:List*",
        "cloudwatch:Describe*",
        "cloudwatch:List*",
        "elasticloadbalancing:Describe*",
        "apigateway:Get*",
        "kafka:List*",
        "mq:List*",
        "mq:Describe*",
        "dms:Describe*",
        "dms:List*",
        "redshift:DescribeClusters",
        "redshift:ListDatabases",
        "sns:List*",
        "es:List*",
        "es:Describe*",
        "appsync:ListResolvers",
        "appsync:ListGraphqlApis",
        "appsync:ListDataSources",
        "appsync:ListTypes",                
        "wafv2:ListWebACLs",
        "wafv2:ListRuleGroups",
        "wafv2:GetWebACL",
        "wafv2:GetRuleGroup",
        "waf-regional:ListRuleGroups",
        "waf-regional:ListWebACLs",
        "waf-regional:GetRuleGroup",
        "waf-regional:GetWebACL",
        "sns:SetTopicAttributes",
        "guardduty:ListDetectors",
        "guardduty:ListFindings",
        "guardduty:GetDetector",
        "guardduty:GetFindings",
        "events:ListRules",
        "events:ListEventBuses",
        "events:DescribeRule",
        "cloudtrail:LookupEvents"
    ],
    "Resource": "*"
  },
  {
    "Sid": "Statement2",
    "Effect": "Allow",
    "Action": [
        "cloudwatch:PutMetricAlarm",
        "cloudwatch:EnableAlarmActions",
        "cloudwatch:DisableAlarmActions",
        "sns:CreateTopic",
        "sns:Subscribe"
    ],
    "Resource": "*"
  },
  {
    "Sid": "PermissionsForEventBus",
    "Effect": "Allow",
    "Action": [
        "events:PutEvents",
        "events:PutRule",
        "events:PutTargets",
        "events:DisableRule",
        "events:EnableRule"
    ],
    "Resource": "*"
  }
  ]
}

4. Click the Review Policy button and enter a name and description for the policy. Then click the Create Policy button to create the policy.

5. Proceed to create a role or user with this policy (recommended: create user name temperstack). For