AWS Data Source

This data source establishes a connection to AWS to extract data about existing or running cloud service instances. This includes, for example, compute instances such as EC2, block storage volumes, and databases (RDS).

To connect, provide the credentials of an IAM user with programmatic access, which consist of an Access Key ID and a Secret Key. You also have to declare the AWS Region that the data source will connect to. If the cloud infrastructure is distributed across several regions, all relevant regions can be named within the same Data Source.

Since connectivity is established via the AWS APIs and authenticated via tokens, make sure that AWS Security Token Service (STS) actions are available and permitted in the corresponding IAM policy. In addition to the Get, List or Describe actions needed to access the actual cloud service information, add the following STS actions to the IAM policy that is attached to the accessing AWS user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            ...,
            "Effect": ...,
            "Action": [
                ...,
                "sts:GetAccessKeyInfo",
                "sts:GetCallerIdentity",
                "sts:GetSessionToken",
                ...
            ],
            "Resource": ...,
            ...
        }
    ],
    ...
}