S3

PreviousParameter Store (SSM)NextSecrets Manager

Last updated 1 year ago

Was this helpful?

S3

This AWS integration allows you to configure CloudTruth External Parameters from an S3 bucket.

Adding Integrations

If you already have a CloudTruth AWS integration you can add AWS S3 by editing the existing account, selecting this integration and adding the S3 inline policy. The Terraform and CloudFormation role setup methods automatically create the S3 inline policy.

To create a new or additional AWS account click Add AWS Account from the Integrations AWS page to bring up the add account pane. Add a name for the AWS account, your specific AWS account ID and the AWS account role name. CloudTruth allows you to select regions where your resources exist, all US regions are enabled by default.

Check the S3 integration and click Save.

The AWS account will enter an Integration Error state until the AWS role is configured. An auto generated External Id will be created to use in the AWS Role Creation.

Configuring the AWS Role

With the provided External ID create your AWS Role.

S3 Inline Policy

Adding an Inline Policy to the AWS Role allows CloudTruth secure access to the selected integration service. The inline policy is automatically created if you used CloudFormation or Terraform to create the role.

From the AWS IAM Console select the role that you created for CloudTruth access.

Click Add Inline Policy.

Click the JSON Tab.

Paste in the following JSON for the S3 integration policy and click Review Policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BucketSelection",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "BucketAccess",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Type in a name for the policy and click Create Policy.

PreviousParameter Store (SSM)NextSecrets Manager

Last updated 1 year ago

Was this helpful?

This AWS integration allows you to configure CloudTruth External Parameters from an S3 bucket.

Adding Integrations

Check the S3 integration and click Save.

The AWS account will enter an Integration Error state until the AWS role is configured. An auto generated External Id will be created to use in the AWS Role Creation.

Configuring the AWS Role

With the provided External ID create your AWS Role.

AWS Role

S3 Inline Policy

From the AWS IAM Console select the role that you created for CloudTruth access.

Click Add Inline Policy.

Click the JSON Tab.

Paste in the following JSON for the S3 integration policy and click Review Policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BucketSelection",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "BucketAccess",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Type in a name for the policy and click Create Policy.

Setup is now complete for both the AWS Role and Policy. After refreshing by clicking "Check Integration Status" the CloudTruth integration will now show as "Connected", and you can begin creating external Dynamic Parameter values that reference your AWS resources.