OpsCompass makes it easy to connect AWS with your OpsCompass Tenant. Follow these steps to connect with AWS.
1. As a prerequisite, you will need to verify you are part of an AWS organization.
a. From the AWS home dashboard, type or navigate to "AWS Organizations"
b. You can verify whether you are a part of an organization here. If you are not a part of an organization and don't see a similar screen in AWS, please continue to step C.
c. From here, click on "Create an organization". You can also see here.
2.) Click the "Connect Amazon Web Services" button.
3.) Create the "OpsCompass Viewer IAM Role" which will launch a CloudFormation template.
4.) Before you "Create stack" on this CloudFormation template confirm the ExternalID parameter from the previous screen matches.
5.) Upon completion of the stack creation, navigate to the newly created OpsCompassViewer Role (link provided on screen for convenience).
6.) Copy the Role ARN at the top as well as the External ID Value (found in "Trust relationships").
7.) Paste the Role ARN and External ID Value (from step 6) into OpsCompass and "Connect".
8a.) *Optional* For the full event based scanning experience, set up OpsCompass to be notified of changes in near real time.
Note: If this step is skipped, APIs will be polled approximately every 8 hours.
8b.) "Create stack" for event forwarding.
OpsCompass will begin to scan the environment. You will see the account added to the dashboard, resources populated in the inventory and mapped to the compliance frameworks associated with your OpsCompass account.