ComplyJet

Before you begin, make sure the following requirements are met:

You must have permission to create IAM roles in the AWS account you want to connect. Typically, this requires admin privileges or IAM permissions like:

- <code>iam:CreateRole</code>
- <code>iam:AttachRolePolicy</code>
- <code>iam:GetRole</code>

___________________________________________________________

In ComplyJet, you will be asked to provide the AWS account number you wish to connect.

Why this is needed: ComplyJet uses this identifier to create a trust relationship when you later create an IAM role.

Where to find it: Log in to your AWS Console &gt; Click your account name &gt; View "My Account" &gt; Copy the 12-digit Account ID.

- Why this is needed: ComplyJet uses this identifier to create a trust relationship when you later create an IAM role.
- Where to find it: Log in to your AWS Console &gt; Click your account name &gt; View "My Account" &gt; Copy the 12-digit Account ID.

Paste this into the AWS Account Number field in ComplyJet.

You will now create a read-only role that allows ComplyJet to securely monitor your AWS account.

Go to the <a href="https://console.aws.amazon.com/iam/home#/roles" rel="nofollow noopener noreferrer" target="_blank">IAM Console</a> in AWS.

Under Trusted entity type, select AWS Account.

Choose Another AWS Account and enter:

yaml CopyEdit ComplyJet Account ID: 123456789012

Check the box for Require external ID, and enter the external ID provided in the ComplyJet setup screen.

- Why this is needed: The external ID adds a security layer by ensuring only ComplyJet can assume the role.

Ensure that Require MFA is not selected.

1. Go to the <a href="https://console.aws.amazon.com/iam/home#/roles" rel="nofollow noopener noreferrer" target="_blank">IAM Console</a> in AWS.
2. Click Create Role.
3. Under Trusted entity type, select AWS Account.
4. Choose Another AWS Account and enter:
 yaml CopyEdit ComplyJet Account ID: 123456789012
5. Check the box for Require external ID, and enter the external ID provided in the ComplyJet setup screen.
 - Why this is needed: The external ID adds a security layer by ensuring only ComplyJet can assume the role.
6. Ensure that Require MFA is not selected.
7. Click Next: Permissions.

On the Permissions screen, search for the managed policy named:

Select the checkbox next to the <code>SecurityAudit</code> policy.

- Why this is needed: This policy provides read-only access to a broad set of AWS services and resources needed for compliance monitoring.

Click Next: Tags (you can skip this section unless your org requires tags).

1. On the Permissions screen, search for the managed policy named:
 nginx CopyEdit SecurityAudit
2. Select the checkbox next to the <code>SecurityAudit</code> policy.
 - Why this is needed: This policy provides read-only access to a broad set of AWS services and resources needed for compliance monitoring.
3. Click Next: Tags (you can skip this section unless your org requires tags).
4. Click Next: Review.

<code>Read-only cross-account access for ComplyJet compliance automation.</code>

1. Name the role exactly as shown below:
 CopyEdit complyjet-auditor
2. Description (optional):
 <code>Read-only cross-account access for ComplyJet compliance automation.</code>
3. Click Create Role.

After creating the role, navigate to it in the IAM &gt; Roles section.

Copy the full Role ARN (Amazon Resource Name), which looks like:

ruby CopyEdit arn:aws:iam::123456789012:role/complyjet-auditor

Paste the Role ARN into the corresponding field in ComplyJet.

1. After creating the role, navigate to it in the IAM &gt; Roles section.
2. Copy the full Role ARN (Amazon Resource Name), which looks like:
 ruby CopyEdit arn:aws:iam::123456789012:role/complyjet-auditor
3. Paste the Role ARN into the corresponding field in ComplyJet.

Why this is needed: The ARN uniquely identifies the role and allows ComplyJet to assume it for read-only access.

- Why this is needed: The ARN uniquely identifies the role and allows ComplyJet to assume it for read-only access.

ComplyJet allows you to specify which AWS regions to monitor for compliance.

If your account has no region restrictions:

Select All regions to allow full visibility across your infrastructure.

- Select All regions to allow full visibility across your infrastructure.

Click Next once you’ve selected the appropriate regions.

Once the role is linked and regions selected, ComplyJet will begin its first sync. Within a few minutes, you should start seeing AWS assets and compliance signals populated in your dashboard.

If you need help at any step, please reach out to our support team via the in-app chat. We're here to help.

This guide walks through the step-by-step process of securely connecting your AWS account to ComplyJet.

AWS Integration

Find answers and get help from Intercom Support and Community Experts

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

AWS Integration

Prerequisites

AWS Account Access

Step 1: Enter AWS Account Information

Step 2: Create the IAM Role in AWS

2.1: Define the Trust Relationship

2.2: Assign the Required Permissions

2.3: Name and Create the Role

Step 3: Link the Role in ComplyJet

Step 4: Select AWS Regions to Monitor

If your account has no region restrictions:

Completion