Configure AWS

Objective: Create an AWS IAM role to allow Skyhigh to scan S3 buckets

Login to your AWS account

  1. From your Student Credentials page, click the AWS Account Login link to open it in a new window.
  2. Enter the AWS Student Username and AWS Student Password at the login screen, accordingly and click Sign in. Note that the Account ID will be automatically populated. If you choose to cut and paste the credentials, please take care not to select any extra characters.

Configure an IAM Role for Skyhigh

  1. In the search box, type IAM and click the IAM heading that appears. AWS IAM AWS IAM
  2. In the IAM entry on the left, select Roles. AWS IAM AWS IAM
  3. From the Roles screen click the Create role button, select AWS account for the Trusted entity type.
  4. Select Another AWS account and enable the Require external ID option
  5. Use the Skyhigh AWS Account ID and External ID obtained in the previous section for the Account ID and External ID, respectively (refer to your still-open browser tab with the Skyhigh Dashboard for these values). AWS IAM AWS IAM
  6. Click the Next button.
  7. On the Add permissions page, type s3full in the search box and select the AmazonS3FullAccess policy.
  8. Now clear the search box and enter readonlyaccess and select the filter type of AWS managed - job function and select the ReadOnlyAccess policy. AWS Role Policies AWS Role Policies
  9. Click the Next button.
  10. On the final Name, review, and create screen, enter SkyhighRole in the Role name box and click Create role.
  11. You will be returned to the Roles list

Obtain the ARN for the Skyhigh Role

  1. From the Roles list, click SkyhighRole (the role you just created)
  2. From the SkyhighRole page, copy the ARN value to your clipboard (use the copy icon) AWS Role Policies AWS Role Policies

Please keep your AWS tab open while you continue with the lab