Configuration Parameters

Enter the Access Key ID of the Service IAM User.

Enter the Secret Access Key of the Service IAM User.

Enter the role name that is created in all the AWS Accounts that are to be aggregated.

If the Amazon Resource Name (ARN) of the role contains a path, then it should be created with same path and name in all the AWS accounts. The input value must be provided as follows:

<entire Role Path>/<Role Name>.

When checked, will manage IAM entities from all the AWS accounts.

Lists all the AWS Account IDs, separated by a comma, that are to be excluded.

Lists all the AWS Account IDs, separated by a comma, that are to be included.

Enter the Region as per your AWS instance. For example, "us-east-1" for AWS commercial cloud and "us-gov-west-1" for AWS GovCloud (US).

The maximum size of each data set when querying over large number of objects for IAM entities. Default: 100

Enter the role name that is created in all the AWS Accounts that are to be aggregated.

If the Amazon Resource Name (ARN) of the role contains a path, then it should be created with same path and name in all the AWS accounts. The input value must be provided as follows:

<entire Role Path>/<Role Name>.

Enter the External ID that is used in an IAM role trust policy to designate who can assume the role.

Note
This is mandatory if the external ID condition is provided to the IAM Role trust policy. This condition defines how and when trusted entities can assume the role.

Enter the Management Account ID of the AWS organization.

Note
Applicable if the Manage All Accounts checkbox is selected or Organization entities are present in the application schema.

When checked, will manage IAM entities from all the AWS accounts.

Lists all the AWS Account IDs, separated by a comma, that are to be excluded.

Lists all the AWS Account IDs, separated by a comma, that are to be included.

Enter the Region as per your AWS instance. For example, "us-east-1" for AWS commercial cloud and "us-gov-west-1" for AWS GovCloud (US).

The maximum size of each data set when querying over large number of objects for IAM entities. Default: 100

Default value: 3600

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.

Set the value of the assumeRoleDurationInSeconds parameter as follows:

<entry key="assumeRoleDurationInSeconds" value="3600"/>

Default value: SailPointUser

An identifier for the assumed role session. Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the AWS account that owns the role.

Set the value of the assumeRoleSessionName parameter as follows:

<entry key="assumeRoleSessionName" value="SailPointUser"/>

Maximum number of retry attempts. Default: 5

Delay in milliseconds after which a retry attempt is performed. The baseDelay will exponentially increase after every retry attempt. Default: 500

For example, if the defaultvalue is 10 seconds, for subsequent retry attempts baseDelay will be 20 seconds, and 40 secondsand so on.

Delay in milliseconds after which a retry attempt is performed. This delay is applicable to throttling errors. The throttledBaseDelay will exponentially increase after every retry attempt. Default: 1000

Maximum backoff time in milliseconds. When the sleep time increases exponentially after each retry attempt, this value would be set to the maximum limit of the sleep time. Default: 20000