Creating a cross-account role in AWS

Note

Hyperproof connects to many third-party systems that change frequently, including their interfaces. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.

The steps below walk you through creating an IAM role in AWS with the information necessary to create a Hypersync using the cross-account role option.

  1. In the AWS Management Console, expand All services.

  2. Below Security, Identity, & Compliance, click IAM.

    The IAM dashboard opens.

  3. From the left navigation menu, expand Access management, and then click Roles.

  4. Click Create role.

  5. Select the AWS account radio button.

  6. Select the Another AWS account radio button.

  7. In the Account ID field, enter 030157059230. This is Hyperproof’s account.

  8. Select the Require external ID checkbox.

  9. Enter a unique string for External ID. This is used to create the Hypersync connection.

    Note

    Per AWS, the External ID value that a third party uses to assume a role must have a minimum of 2 characters and a maximum of 1,224 characters. The value must be alphanumeric without white space. It can also include the following symbols: plus (+), equal (=), comma (,), period (.), at (@), colon (:), forward slash (/), and hyphen (-). For more information about the External ID, please refer to the official AWS documentation.

  10. Click Next.

  11. Search for and attach an appropriate policy to the role. For more information on creating a policy, please refer to Creating a policy and adding an AWS Hypersync user.

  12. Click Next.

  13. Enter a name for the role and, optionally, a description.

  14. Optionally, add tags.

  15. Click Create role.

  16. Click View role.

  17. Copy the Role ARN to create the Hypersync.

    Tip

    For more information on delegating access across AWS accounts via IAM roles, please refer to the official AWS documentation.

Verify the new role

In your AWS account, open the new role you created. Verify that it has a trust relationship similar to the one shown below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::030157059230:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "your-external-id"
                }
            }
        }
    ]
}
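
The same verification can be scripted. The following is an added example, not Hyperproof's or AWS's own code: it checks a trust policy document (for instance the `Role.AssumeRolePolicyDocument` returned by `aws iam get-role`) against the principal, action and external ID condition shown above. The function name `check_trust_policy` and both sample documents are assumptions constructed for illustration.

```python
import json
import re

# Hyperproof's account from step 7, as root ARN or the equivalent bare account ID.
TRUSTED = {"arn:aws:iam::030157059230:root", "030157059230"}
# External ID rule from the note in step 9: 2 to 1,224 characters from this set.
EXTERNAL_ID_RE = re.compile(r"[A-Za-z0-9+=,.@:/-]{2,1224}")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy_json, expected_external_id):
    """Return a list of problems; an empty list means the trust policy is as expected."""
    problems = []
    if not EXTERNAL_ID_RE.fullmatch(expected_external_id):
        problems.append("external ID violates AWS length/character rules")
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        problems.append("no Allow statement")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if not aws or any(p not in TRUSTED for p in aws):
            problems.append(f"statement {i}: unexpected principal {aws}")
        if _as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            problems.append(f"statement {i}: action is not exactly sts:AssumeRole")
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        # IAM condition keys are case-insensitive, so normalise before lookup.
        ext = {k.lower(): v for k, v in string_equals.items()}.get("sts:externalid")
        if ext is None:
            problems.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(ext) != [expected_external_id]:
            problems.append(f"statement {i}: external ID mismatch")
    return problems


# Constructed samples: the page's policy, and the same role without an external ID.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::030157059230:root"}, "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "your-external-id"}}}]}"""
NO_EXTERNAL_ID = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::030157059230:root"}, "Action": "sts:AssumeRole",
  "Condition": {}}]}"""

if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("no external ID", NO_EXTERNAL_ID)):
        print(name, "->", check_trust_policy(doc, "your-external-id") or "OK")
```

A role whose trust policy lacks the `sts:ExternalId` condition, as in the second sample, is what results when the Require external ID checkbox in step 8 is left unselected.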