Before you begin
Ensure that the following requirements are met:
- You must be running Address Manager v9.1.0 or greater.
- You must have an AWS account to retrieve the AWS data with the following permissions set:
  - AmazonVPCReadOnlyAccess
  - AmazonEC2ReadOnlyAccess
  - AmazonEKSWorkerNodePolicy
  - AmazonEKSClusterPolicy
  - ElasticLoadBalancingReadOnly
  - AmazonRoute53ReadOnlyAccess
  - IAMReadOnlyAccess
- Active AWS Security Token Service (STS) for Global or the region that is in use.
- You must have an AWS account for Visibility with one of the following permission sets:
  - Full permissions
    - CloudWatchFullAccess
    - CloudWatchEventsFullAccess
    - AmazonSQSFullAccess
    - AmazonSNSFullAccess
  - Specified IAM role permissions
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
              "sqs:DeleteMessage",
              "sqs:GetQueueUrl",
              "sqs:ReceiveMessage",
              "sqs:GetQueueAttributes",
              "sqs:TagQueue",
              "sqs:PurgeQueue",
              "sqs:DeleteQueue",
              "sqs:CreateQueue",
              "sqs:SetQueueAttributes",
              "sns:ListSubscriptionsByTopic",
              "sns:DeleteTopic",
              "sns:CreateTopic",
              "sns:ListTopics",
              "sns:Unsubscribe",
              "sns:SetTopicAttributes",
              "sns:Subscribe",
              "events:PutRule",
              "events:TagResource",
              "events:PutTargets",
              "events:DeleteRule",
              "events:ListRules",
              "events:RemoveTargets",
              "events:ListTargetsByRule"
            ],
            "Resource": "*"
          }
        ]
      }
For more information on setting permissions and configuring policies, refer to 'Managing IAM Policies' in the AWS Identity and Access Management User Guide.

Attention: The following AWS Control Tower settings must not be enabled:
- Disallow changes to Amazon SNS set up by AWS Control Tower
- Disallow changes to Amazon SNS subscriptions set up by AWS Control Tower
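
As an added example (not code from this product or from AWS), the following Python check compares a role's policy document against the actions in the specified IAM role policy above and reports any that are not granted. It assumes an identity-based policy already loaded as a dict; `missing_actions`, `REQUIRED_ACTIONS` and `SAMPLE_POLICY` are names made up for this example, and Condition keys, NotAction and resource-scoped Allow statements are not evaluated.

```python
import fnmatch

# Actions from the "Specified IAM role permissions" policy on this page.
REQUIRED = {
    "sqs": ["DeleteMessage", "GetQueueUrl", "ReceiveMessage", "GetQueueAttributes",
            "TagQueue", "PurgeQueue", "DeleteQueue", "CreateQueue", "SetQueueAttributes"],
    "sns": ["ListSubscriptionsByTopic", "DeleteTopic", "CreateTopic", "ListTopics",
            "Unsubscribe", "SetTopicAttributes", "Subscribe"],
    "events": ["PutRule", "TagResource", "PutTargets", "DeleteRule", "ListRules",
               "RemoveTargets", "ListTargetsByRule"],
}
REQUIRED_ACTIONS = [f"{svc}:{name}" for svc, names in REQUIRED.items() for name in names]

def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    """IAM action names are case-insensitive; '*' and '?' are wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return the required actions the policy does not grant on Resource "*".

    Assumption: Allow statements with a Condition or a narrower Resource are
    not counted; any Deny statement naming the action counts as a denial.
    """
    allowed, denied = [], []
    for stmt in _as_list(policy.get("Statement")):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") == "Deny":
            denied += actions
        elif (stmt.get("Effect") == "Allow" and "Condition" not in stmt
              and "*" in _as_list(stmt.get("Resource"))):
            allowed += actions
    return [a for a in required
            if not _matches(allowed, a) or _matches(denied, a)]

# Constructed sample: the role allows sqs:* and sns:*, omits the events:
# actions, and explicitly denies queue deletion.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["sqs:*", "sns:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "sqs:DeleteQueue", "Resource": "*"},
    ],
}
```

An empty list from `missing_actions` means every action the specified policy lists is granted by the document that was checked.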