SecureSlateSecureSlate
Log inSign up
← All docsDocs

Cloud Scanning

Scan Your AWS Account

Connect Your AWS Account

SecureSlate helps you secure your Amazon Web Services (AWS) environment by scanning for misconfigurations and risky settings. The connection uses a dedicated read-only IAM user so SecureSlate never modifies your resources. After you connect, findings appear on the Checks tab of the Cloud overview page, filtered by AWS.

Connection is done in four steps: create an IAM user, set up a supplemental policy, enter credentials in SecureSlate, and name your cloud connection.

Step 1: Create IAM user in AWS

  1. Go to the Cloud overview page, click Connect cloud, and choose AWS to open the AWS Configuration wizard.
  2. In the wizard, start at Create IAM user.
  3. Log into your AWS account as an admin (or with permission to create IAM resources).
  4. In the AWS console, open IAMUsersAdd user.
  5. Set the username to secureslate-scanner.
  6. Choose Programmatic access, then click Next.
  7. Select Attach existing policies directly and attach the SecurityAudit policy.
  8. Do not complete user creation yet. Continue to Step 2 in the SecureSlate wizard to add the required supplemental policy, then return to finish the user.

 
AWS Configuration - Create IAM user

Tip: Use Open IAM Users Console in the wizard to jump to the right place in AWS.

Step 2: Set up policy

  1. In the SecureSlate wizard, go to Set up policy.
  2. In AWS IAM, click Create policy (or open PoliciesCreate policy).
  3. Open the JSON tab and paste the supplemental policy provided in the wizard (it allows read-only actions such as ses:DescribeActiveReceiptRuleSet, athena:GetWorkGroup, logs:DescribeLogGroups, logs:DescribeMetricFilters, and other describe/list actions on the required services).
  4. Click Review policy, name it SecureSlateSupplemental, and click Create policy.
  5. Return to the Create user flow in AWS. Attach the new SecureSlateSupplemental policy to the secureslate-scanner user, then click Next: Tags.
  6. Add tags if needed, then click Create user.
  7. Save the Access key ID and Secret access key—you will need them in the next step. You cannot view the secret again after leaving the page.

 
AWS Configuration - Set up policy

Note: The IAM user has only read-only permissions. SecureSlate uses it to scan configuration and will not change any resources.

Step 3: Connect accounts

  1. In the SecureSlate wizard, go to Connect accounts.
  2. Enter the Access key ID and Secret access key for the secureslate-scanner user.
  3. Click Continue.

Use the credentials you saved when creating the user. Never share your secret access key.

 
AWS Configuration - Connect accounts

Step 4: Name your cloud connection

  1. In the wizard, go to Name your cloud connection.
  2. Enter a Cloud name (for example, “AWS Production” or “AWS Cloud Infrastructure”).
  3. Select the purpose of the connection (e.g., production, staging, development) from the dropdown.
  4. Click Complete Configuration.

 
AWS Configuration - Name your cloud connection

After you complete the flow, SecureSlate will start scanning your AWS resources and typically report misconfigurations within a few minutes.

Prerequisites

  • AWS account with permission to create IAM users and policies.
  • Permission to attach the SecurityAudit managed policy and to create a custom policy (e.g., SecureSlateSupplemental).
  • Ability to create access keys for the IAM user and to paste them into SecureSlate.

Last updated: March 10, 2026