...

Instructions on how to create the AWS ARN and external ID follow; they are also available in the article Cloud Integration: On-board AWS.

Setting up the AWS account for onboarding

Creating the AWS policy

  1. Sign in to the AWS Management Console by clicking here

    • The link will take you to the Create policy page

  2. Select the JSON tab in the policy editor and paste the following policy (overwriting the existing items):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "apigateway:GET"
      ]
    }
  ]
}
  3. Select Review policy, and enter the name below:

    • DataTheorem-APIGateway-SecurityAudit

  4. Select Create policy

Creating the AWS role

  1. Navigate to the Create Role page on AWS by clicking here

    • The link will pre-fill Data Theorem's account ID

    • You need to fill in the External ID field by generating a random password. We suggest one of the following:

      • Generate a UUID

      • Generate from terminal: openssl rand -base64 32

      • Keep the External ID somewhere temporarily as you will need it later.

  2. Ensure the Account ID and External ID fields are filled

  3. Select Next: Permissions

  4. Enter SecurityAudit in the search box and then select its checkbox

  5. Clear the search box and enter DataTheorem-APIGateway-SecurityAudit. Select its checkbox

  6. Select Next: Review and enter the following for the name:

    • DataTheorem-Service

    • Ensure it has both policies, SecurityAudit and DataTheorem-APIGateway-SecurityAudit, enabled

  7. Select Create role

  8. Select the newly created role DataTheorem-Service

  9. Copy the Role ARN value at the top of the page.
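The role created above is only as restrictive as its trust policy, so it is worth confirming that the external ID condition actually landed on it. The following Python is an added example, not part of the original article or Data Theorem's tooling: it generates an external ID and audits a trust policy document (the shape found under Role.AssumeRolePolicyDocument in `aws iam get-role` output). The account ID 111122223333 is a placeholder, since the real one is pre-filled by the console link and is not shown on this page; the function names and sample policy are constructed for illustration.

```python
import base64
import secrets

# Placeholder (assumption): the real Data Theorem account ID is pre-filled by
# the console link and does not appear on this page.
VENDOR_ACCOUNT_ID = "111122223333"

def new_external_id() -> str:
    """32 random bytes, base64-encoded: same shape as `openssl rand -base64 32`."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")

def build_trust_policy(account_id: str, external_id: str) -> dict:
    """Constructed sample: cross-account trust policy gated on an external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def audit_trust_policy(policy: dict, account_id: str, external_id: str) -> list:
    """Return findings; an empty list means only the expected account,
    presenting the expected external ID, can assume the role."""
    findings = []
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}
    stmts = policy.get("Statement", [])
    stmts = stmts if isinstance(stmts, list) else [stmts]  # single-object form
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for p in (aws if isinstance(aws, list) else [aws]):
            if p not in allowed:
                findings.append(f"statement {i}: unexpected principal {p!r}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append(f"statement {i}: sts:ExternalId missing or mismatched")
    return findings

if __name__ == "__main__":
    eid = new_external_id()
    trust = build_trust_policy(VENDOR_ACCOUNT_ID, eid)
    print(audit_trust_policy(trust, VENDOR_ACCOUNT_ID, eid))
    del trust["Statement"][0]["Condition"]  # role created without the external ID
    print(audit_trust_policy(trust, VENDOR_ACCOUNT_ID, eid))
```

A role whose trust policy lacks the sts:ExternalId condition can be assumed by the trusted account on behalf of any of its customers, which is the confused-deputy case the external ID exists to prevent.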

Onboarding an AWS environment via API

...