AWS Cross Account Role (CAR) Deployment Permissions
- Paul Tompkins (Unlicensed)
As part of the SaaS deployment, AUTOMATE+ streamlines the enablement and configuration of a number of native AWS services, detailed here.
In order to deploy, configure & integrate with the relevant AWS services, the SaaS service requires a Cross Account Role, in turn the service provides the ability for the platform to provide security visibility, co-ordinate 1-click remediation and/or self healing & integrate with the AWS Well-Architected Tool.
The cross account role is created at first with additional temporary permissions (while the Cloud Formation stacks are running) due to the deployment functions taking place, after this finishes (15 mins) the cross account role is hardened to least-permissive principals.
Should you have any additional questions relating to the role configuration, permissions or requirements, please contact 6pillars at support@6pillars.ai.
The deployment permissions are unique depending on if you are deployment AUTOMATE (read only) or AUTOMATE+ (continuous compliance).