The roles and permissions detailed below are required by the AWS services listed, on which your AWS Sensor relies. During deployment, the AWS CloudFormation template provided by LevelBlue automatically manages and assigns these as needed by your sensor. The following table shows the IAM roles and permissions required by your AWS Sensor.
Warning: If you disable any of the services below, the sensor loses permission to perform the corresponding function, and its ability to extract that information is compromised.
| AWS service | Required IAM permissions |
|---|---|
| Amazon CloudWatch | `cloudwatch:Describe*`, `cloudwatch:Get*`, `cloudwatch:List*`, `logs:Describe*`, `logs:Get*`, `logs:TestMetricFilter*` |
| AWS CloudTrail | `cloudtrail:Describe*`, `cloudtrail:Get*`, `cloudtrail:List*` |
| AWS Elastic Load Balancing (ELB) | `elasticloadbalancing:Describe*` |
| Amazon Simple Storage Service (S3) | `s3:Get*`, `s3:List*` |
| Amazon EC2 | `ec2:Describe*` |
| AWS IAM | `iam:List*`, `iam:Get*` |
| Amazon GuardDuty | `guardduty:Get*`, `guardduty:List*` |
| Amazon Relational Database Service (RDS) | `rds:Describe*` |
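
One way to check a role's policy document against the table above, as an added example that is not LevelBlue's code: it reports documented permissions the policy no longer grants (the case the warning describes) and grants that are broader than the documented set. `REQUIRED` is copied from the table; `SAMPLE` is a constructed policy, the helper names are hypothetical, and only `Allow` statements with `Action` are evaluated (no `NotAction`, conditions or resource scoping).

```python
import fnmatch

# Action patterns copied from the permissions table above.
REQUIRED = [
    "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*",
    "logs:Describe*", "logs:Get*", "logs:TestMetricFilter*",
    "cloudtrail:Describe*", "cloudtrail:Get*", "cloudtrail:List*",
    "elasticloadbalancing:Describe*", "s3:Get*", "s3:List*",
    "ec2:Describe*", "iam:List*", "iam:Get*",
    "guardduty:Get*", "guardduty:List*", "rds:Describe*",
]

def covers(broad, narrow):
    """True if pattern `broad` grants all of `narrow` (sound for trailing-* patterns)."""
    return fnmatch.fnmatchcase(narrow.lower(), broad.lower())

def allowed_actions(policy):
    """Collect Action patterns from the Allow statements of a policy document."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    actions = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            acts = stmt.get("Action", [])
            actions.extend([acts] if isinstance(acts, str) else acts)
    return actions

def audit(policy):
    """Return (missing, extra) relative to the documented permission list."""
    granted = allowed_actions(policy)
    missing = [r for r in REQUIRED if not any(covers(g, r) for g in granted)]
    extra = [g for g in granted if not any(covers(r, g) for r in REQUIRED)]
    return missing, extra

# Constructed sample policy (not taken from the LevelBlue CloudFormation template).
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": [
        "cloudwatch:describe*", "cloudwatch:Get*", "cloudwatch:List*",
        "logs:Describe*", "logs:Get*", "logs:TestMetricFilter*",
        "cloudtrail:Describe*", "cloudtrail:Get*", "cloudtrail:List*",
        "elasticloadbalancing:Describe*", "ec2:Describe*",
        "iam:List*", "iam:Get*", "guardduty:Get*"]},
    {"Effect": "Allow", "Action": "s3:*"},           # broader than s3:Get*/s3:List*
    {"Effect": "Deny", "Action": "rds:Describe*"},   # Deny grants nothing
]}

if __name__ == "__main__":
    missing, extra = audit(SAMPLE)
    print("Documented but not granted:", missing)
    print("Granted beyond documented set:", extra)
```
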