Setting up the AWS Integration to enable Asset Discovery & Auto Checks
Important:
You must have admin rights in your AWS environment to complete the setup.
Without sufficient permissions, you won't be able to assign the necessary roles, enable APIs, or create service accounts.
Video: How to Enable AWS Integration in Kertos
This video walks you through the full AWS integration setup in Kertos, from registering an application to assigning the correct permissions.
Step 1: Getting Started
1. Go to the Integrations page in Kertos
2. Click Setup on the AWS Integration Card
3. Toggle Enable Auto Checks to ON
Step 2: Create a New IAM Role
4. Sign in to the AWS Management Console.
5. Navigate to the IAM service.
6. In the left-hand sidebar, select Roles, then click Create role.
7. Under Trusted entity type, choose AWS account.
8. Select Another AWS account, and enter the Account ID provided by Kertos.
9. Check the box for Require external ID, and enter the External ID provided by Kertos.
10. Click Next to proceed to permissions.
Step 3: Assign Permissions
11. Paste the following Read Only Access Permission for Security Audits into the search field: SecurityAudit
12. Select the checkbox for the SecurityAudit role.
13. Click Next to proceed to name and description.
Step 4: Name the Role
14. Enter a Role name (e.g., kertos-security-audit-role).
15. (Optional) Add a Role description such as:
Cross-account read-only access for Kertos discovery and Auto Checks.
16. Click Create role.
Step 5: Copy the Role ARN
17. After creation, click View role from the confirmation banner.
18. On the Summary page, locate the Role ARN at the top.
19. Click the copy icon next to the ARN.
Step 6: Finalize Integration in Kertos
20. Return to the Kertos Integrations page.
21. Paste the copied Role ARN into the AWS integration setup field.
22. Click Save.
23. Click the Integration Card again and click Start Sync to run your first discovery run and Auto Check.