
Amazon Web Services (AWS) Setup Guide

Follow the steps below to connect (where supported) or set up an export-based workflow. Either way, Aurora tracks source, timestamps, ownership, and freshness so evidence stays reusable between reviews.

At a Glance
Connection: Direct connection
Category: Cloud
Guide: 3 steps
Need help?
We'll confirm what can be automated, what stays export-based, and how to keep evidence current between review cycles.

Steps

Use these as a starting point, then verify collection inside Aurora.

  1. Create a cross-account role with a trust policy allowing your AWS principal and attach the AWS managed **SecurityAudit** and **AWSBackupReadOnlyAccess** policies.
  2. Provide role_arn and external_id (and optionally a regions allowlist in the connection config).
  3. Validate by calling STS AssumeRole and fetching the IAM account summary.
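
The trust policy from step 1 and the external_id from step 2 can be checked before the role is handed over. The following is an added example, not Aurora's own code: it builds a trust policy bound to one principal and one ExternalId, then audits a policy document for a wildcard principal or a missing `sts:ExternalId` condition. The function names, the ARN and the external ID value are hypothetical.

```python
import json

# Constructed sample values (hypothetical, not from Aurora).
COLLECTOR_ARN = "arn:aws:iam::111122223333:role/example-collector"
EXTERNAL_ID = "example-external-id"

def build_trust_policy(principal_arn, external_id):
    """Trust policy: one principal may assume the role, only with the agreed ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def _as_list(value):
    # IAM JSON allows a single value or a list in most positions.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal, expected_external_id):
    """Return findings for Allow statements that grant AssumeRole; empty list means OK."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: wildcard principal")
            elif p != expected_principal:
                findings.append(f"statement {i}: unexpected principal {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ext = _as_list(cond.get("sts:ExternalId", []))
        if not ext:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif ext != [expected_external_id]:
            findings.append(f"statement {i}: ExternalId does not match")
    return findings

if __name__ == "__main__":
    policy = build_trust_policy(COLLECTOR_ARN, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, COLLECTOR_ARN, EXTERNAL_ID))
```
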

Credentials

The inputs Aurora needs to authorize and collect proof.

account_id, role_arn, external_id

Permissions

Aurora requests only the minimum access needed for collection and checks.

Permissions depend on the selected collection mode and configured scope.