AWS Integration - Manual

Adding a Cloud Connection

Navigate to your stack’s integrations page within the admin panel. Click on the “Add Cloud Connection” button to add a new integration.

Configuration

In section 3, name the name of the IAM role you want use to track it in Method. This also gives you the AWS Account ID, External ID, and required Policy that you will need when configuring your AWS IAM Role.

AWS Console

Within the AWS Console, navigate to the IAM dashboard and select “Roles”

Create an IAM Role

Within the “Roles” page, click “Create role” in the top right corner of the screen.

Configuring Your IAM Role

Within the new Role form, please select the following options. Then click “Next” in the bottom right.

• Trusted Entity Type - AWS Account

• AWS Account - Another AWS Account

• Account Number - Use the account number provided in section 3 of the cloud credentials form.

• Options - Require external ID

  • Use the external ID provided in section 3 of the cloud credentials form. Optionally, you can specify a custom external ID, but we strongly recommend that value is unique across all integrations.

Permissions

On the “Add Permissions” page, type SecurityAudit into the search bar which should filter down to a single, AWS provided policy.

Save Your New Role

Name your new role and optionally provide a description before reviewing the Role configuration. It should look something like the below. If all looks good, scroll down and click “Create Role” in the bottom right.

View Your New Role

This will create the role and return you to the Roles list, showing all the Roles within your account. Search for the name of the Role you provided in the last step and click into that Role in the table.

Copy Your Role's ARN Value

You should now be viewing the page for the Role you created. At the top you should see a copy button next to the ARN for the Role. Copy that ARN value and save it close by as you will need it in the next step.

Fill in Your IAM Role ARN

Take the ARN for the Role you created and paste it back into the Cloud Connection form within Method’s admin panel.

Test Connectivity

Confirm the connection was successful by clicking the Test Connection button. If there is an error, please reach out to your Method Team for support.

Delegate to an Environment

To provide you with granular control over which Method Environment’s are able to leverage this new Cloud Connection, you need to delegate that ability to individual Environments.

From the Cloud Connection panel, search and click for any additional environments you want to delegate to. You can also deselect or clear environments that you no longer want to provide access to.