Connection Guide
Connect Amazon Web Services (AWS) Without Breaking the Audit Trail
Use this guide to connect Amazon Web Services (AWS) or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.
First-Run Checklist
Use this sequence to connect Amazon Web Services (AWS) and make sure the first collection lands cleanly.
1. Create a cross-account role with a trust policy allowing your AWS principal, and attach the AWS managed **SecurityAudit** and **AWSBackupReadOnlyAccess** policies.
2. Provide role_arn and external_id (and, optionally, a regions allowlist in the connection config).
3. Validate by calling STS AssumeRole and fetching the IAM account summary.
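The following is an added example, not part of Aurora's guide or code: it builds the trust policy from step 1 with the external_id from step 2 enforced as an `sts:ExternalId` condition, and audits an existing trust policy for a wildcard principal or a missing external ID before the step 3 AssumeRole test. The principal ARN and external ID are constructed placeholders, the function names are hypothetical, and enforcing external_id through the trust policy condition is an assumption about how the role is set up.

```python
import json

ASSUME = {"sts:AssumeRole", "sts:*", "*"}  # actions that permit AssumeRole

def build_trust_policy(principal_arn, external_id):
    """Trust policy letting one principal assume the role, gated on sts:ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal, expected_external_id):
    """Return a list of findings; an empty list means the policy matches."""
    findings = []
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and ASSUME & set(_as_list(s.get("Action", [])))]
    if not allows:
        return ["no Allow statement for sts:AssumeRole"]
    for stmt in allows:
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("wildcard principal")
        elif aws != [expected_principal]:
            findings.append("unexpected principal: %s" % aws)
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != expected_external_id:
            findings.append("sts:ExternalId condition missing or different")
    return findings

# Constructed placeholder values, not taken from the guide.
PRINCIPAL = "arn:aws:iam::111122223333:root"
EXTERNAL_ID = "example-external-id"

if __name__ == "__main__":
    good = build_trust_policy(PRINCIPAL, EXTERNAL_ID)
    print(json.dumps(good, indent=2))
    print(audit_trust_policy(good, PRINCIPAL, EXTERNAL_ID))
```

The audit runs on the policy document alone, so it can be applied to an exported trust policy without live credentials; the AssumeRole and IAM account summary calls in step 3 still need to be made against the account.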
Credentials and Secrets
The keys, secrets, or tokens Aurora uses to authenticate and collect proof.
Recommended Access
Aurora only asks for the minimum read access needed for collection and checks.
Access requirements depend on the collection mode and scope you choose.