Integrations
Connecting SecureSlate & AWS Accounts
Connecting Amazon Web Services (AWS) to SecureSlate enables continuous cloud scanning and misconfiguration checks. SecureSlate connects with read-only permissions so it can evaluate your environment without making changes to your AWS resources.
After connecting, findings appear on the Checks tab of the Cloud overview page, filtered by AWS.
Prerequisites
Before you start, make sure you have:
- SecureSlate permissions: access to create/manage integrations (typically Admin).
- AWS permissions: permission to create IAM users and customer-managed policies, and to attach AWS managed policies.
- An AWS account owner/admin (or equivalent) available to complete the IAM steps in the AWS console.
Connect an AWS account
SecureSlate guides you through a short setup wizard. The connection is completed in four steps: create an IAM user, create a supplemental policy, paste credentials into SecureSlate, and name the connection.
Step 1: Start the AWS wizard in SecureSlate
- In SecureSlate, open the Cloud overview page.
- Click Connect cloud, then choose AWS to open the AWS Configuration wizard.
- In the wizard, begin at Create IAM user.
Step 2: Create an IAM user in AWS
- Log into the AWS console as an admin (or a role that can create IAM resources).
- Open IAM → Users → Add user.
- Set the username to secureslate-scanner.
- Enable Programmatic access.
- Choose Attach existing policies directly and attach the AWS managed policy SecurityAudit.
- Pause before you finish creating the user. You’ll add a SecureSlate supplemental policy next, then return to complete user creation.
Step 3: Create the SecureSlate supplemental policy
SecureSlate requires a small set of additional read-only permissions (primarily Describe* / List* actions) beyond SecurityAudit for certain services.
- In the SecureSlate wizard, go to Set up policy and copy the JSON policy shown.
- In AWS IAM, open Policies → Create policy.
- Switch to the JSON editor and paste the policy from SecureSlate.
- Create the policy with the name SecureSlateSupplemental.
- Return to the IAM user you were creating and attach SecureSlateSupplemental to secureslate-scanner.
- Finish creating the IAM user and generate an Access key ID and Secret access key.
- Save the secret access key immediately (AWS will not show it again).
Step 4: Add AWS credentials in SecureSlate
- In the SecureSlate wizard, go to Connect accounts.
- Paste the Access key ID and Secret access key for the secureslate-scanner IAM user.
- Click Continue.
Step 5: Name the connection and complete setup
- In the wizard, go to Name your cloud connection.
- Enter a clear Cloud name (for example, “AWS Production” or “AWS Staging”).
- Select a purpose (production, staging, development).
- Click Complete Configuration.
After you complete the flow, SecureSlate will begin scanning. In most environments, initial findings appear within a few minutes.
Verify the integration
To confirm everything is working:
- Open Cloud overview and confirm the AWS connection appears.
- Open Checks and filter to AWS to see results populate.
- If you recently connected, wait a few minutes and refresh—larger AWS environments can take longer on the initial pass.
Troubleshooting
If the connection fails or findings don’t appear:
- Confirm the IAM user has both policies attached:
- AWS managed SecurityAudit
- Customer-managed SecureSlateSupplemental
- Confirm you copied the correct access keys for
secureslate-scannerand that the secret access key was saved at creation time. - If keys were rotated or lost, create a new access key (or a new IAM user) and update the connection in SecureSlate.