CSP Account Definition

The cloud service provider (CSP) account should be defined under the cloud integration section. The supported cloud service providers are AWS, Azure, and GCP.


The permission list of the CSP account to be entered into PAM should be as follows:

• IAM_LIST_USERS("IAM:listUsers")
• IAM_LIST_INSTANCE_PROFILES("IAM:instanceProfiles")
• IAM_LIST_MFA_DEVICES("IAM:listMFADevices")
• IAM_LIST_GROUPS_FOR_USER("IAM:listGroupsForUser")
• IAM_LIST_ATTACHED_USER_POLICIES("IAM:listAttachedUserPolicies")
• IAM_LIST_ACCESS_KEYS("IAM:listAccessKeys")
• IAM_GET_ACCESS_KEY_LAST_USED("IAM:getAccessKeyLastUsed")
• IAM_LIST_ROLES("IAM:listRoles")
• IAM_LIST_ATTACHED_ROLE_POLICIES("IAM:listAttachedRolePolicies")
• IAM_LIST_ROLE_POLICIES("IAM:listRolePolicies")
• IAM_LIST_GROUPS("IAM:listGroups")
• IAM_LIST_ATTACHED_GROUP_POLICIES("IAM:listAttachedGroupPolicies")
• IAM_LIST_GROUP_POLICIES("IAM:listGroupPolicies")
• IAM_LIST_POLICIES("IAM:listPolicies")
• S3_LIST_BUCKETS("S3:listBuckets")
• S3_GET_BUCKET_LOCATION("S3:getBucketLocation")
• S3_LIST_OBJECTS_V2("S3:listObjectsV2")
• S3_GET_BUCKET_ACL("S3:getBucketAcl")
• S3_GET_BUCKET_CORS("S3:getBucketCors")
• S3_GET_BUCKET_ENCRYPTION("S3:getBucketEncryption")
• S3_GET_BUCKET_POLICY("S3:getBucketPolicy")
• S3_GET_BUCKET_POLICY_STATUS("S3:getBucketPolicyStatus")
• RDS_DESCRIBE_INSTANCES("RDS:describeInstances")
• RDS_DESCRIBE_INSTANCES_ROLE("RDS:describeInstancesRole")
• EC2_DESCRIBE_INSTANCES("EC2:describeInstances")
• EC2_DESCRIBE_INSTANCE_ROLES("EC2:describeIamInstanceProfileAssociations")
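To confirm that the AWS account registered in PAM holds these read-only permissions and nothing broader, the following added example (not part of the product documentation) audits an IAM policy document against the list. The mapping from the page's operation names to IAM action names, the function names and the sample policy are assumptions made for this example.

```python
import fnmatch

# Assumed mapping of the page's operation names to AWS IAM action names;
# where the names differ, the page's name is in the trailing comment.
REQUIRED = {
    "iam:ListUsers", "iam:ListInstanceProfiles", "iam:ListMFADevices",
    "iam:ListGroupsForUser", "iam:ListAttachedUserPolicies",
    "iam:ListAccessKeys", "iam:GetAccessKeyLastUsed", "iam:ListRoles",
    "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:ListGroups",
    "iam:ListAttachedGroupPolicies", "iam:ListGroupPolicies", "iam:ListPolicies",
    "s3:ListAllMyBuckets",            # S3:listBuckets
    "s3:ListBucket",                  # S3:listObjectsV2
    "s3:GetEncryptionConfiguration",  # S3:getBucketEncryption
    "s3:GetBucketLocation", "s3:GetBucketAcl", "s3:GetBucketCORS",
    "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus",
    "rds:DescribeDBInstances",  # RDS:describeInstances, ...InstancesRole (assumed)
    "ec2:DescribeInstances", "ec2:DescribeIamInstanceProfileAssociations",
}

def _as_list(value):  # IAM accepts a bare string or dict in place of a list
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def audit_policy(policy):
    """Return (excess, missing). Deny statements are skipped: they only narrow access."""
    required_lc = {a.lower() for a in REQUIRED}
    excess, granted = set(), []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the named actions
            excess.add("NotAction")
        for pattern in _as_list(stmt.get("Action")):
            granted.append(pattern.lower())  # action names are case-insensitive
            # A wildcard is flagged conservatively: it may match unlisted actions.
            if "*" in pattern or "?" in pattern or pattern.lower() not in required_lc:
                excess.add(pattern)
    missing = {a for a in REQUIRED
               if not any(fnmatch.fnmatchcase(a.lower(), g) for g in granted)}
    return excess, missing

SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [  # constructed sample
    {"Effect": "Allow", "Resource": "*", "Action": ["iam:List*", "iam:GetAccessKeyLastUsed"]},
    {"Effect": "Allow", "Resource": "*", "Action": ["s3:ListAllMyBuckets", "s3:GetBucket*", "s3:PutBucketPolicy"]},
    {"Effect": "Allow", "Resource": "*", "Action": "ec2:DescribeInstances"},
]}

if __name__ == "__main__":
    excess, missing = audit_policy(SAMPLE_POLICY)
    print("over-broad or unlisted grants:", sorted(excess))
    print("required but not granted:", sorted(missing))
```

An empty `excess` set together with an empty `missing` set means the policy grants exactly the listed actions.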