AWS proof types and permissions
Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.
Hyperproof supports connecting to AWS via access keys or cross-account roles.
When you create a Hypersync between Hyperproof and AWS, you can automatically collect proof based on the following services:
Additional documentation
Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.
The sections below provide additional information about connecting AWS to Hyperproof.
Connecting to AWS or AWS GovCloud via access keys
Below Access Key ID, enter your AWS Access Key ID.
Tip
IAM users have keys that provide access to proof stored in AWS. If you do not have IAM user credentials, a root user or an IAM administrator can create them. For steps on adding an AWS user with SecurityAudit access, see Creating a policy and adding an AWS Hypersync user.
If you use SSO, be sure to create an IAM user and not use the access keys provided for your SSO user, as those have session tokens associated with the keys that only allow access for a limited time.
For more information on creating an IAM user in your AWS account, see the official hypersyncs: aws-short documentation.
Below Secret Access Key, enter your AWS Secret Access Key.
Click Next.
Connecting via a cross-account role
Select the Cross Account Role radio button to connect to AWS via a cross-account role.
Note
To use the cross-account role option, your AWS administrator needs to set up an IAM role with the permissions needed to perform specific actions. For more information, see Creating a cross-account role in AWS.
Below ARN, enter your Role ARN.
Below External ID, enter your unique string ID.
Click Next.
Completing the connection process
The steps below apply to both access keys and cross-accounts.
Select the radio button that best suits how you want to identify AWS accounts.
For a single AWS account, select Use the current account. Hyperproof assumes only the role ARN provided in the step above to fetch data.
For a few AWS accounts, select Choose from a list of accounts , and then select the accounts to retrieve data from.
For many AWS accounts, select Specify tags to identify accounts. Hyperproof finds all accounts matching the tag criteria and retrieves data from each one.
Using multiple key-value pairs of tags finds accounts with all of the specified tags, using a logical AND operation.
Entering the same key with different values finds accounts matching any of the values provided for a given key, using a logical OR operation.
See TagFilters query object for more details on finding resources by tags.
Click Next.