
Verifying Your AWS Configuration

When you have finished connecting your AWS accounts, you should verify the configuration was successful.

To verify your configuration:

  1. In the AWS Console IAM service, select Roles.

  2. Search for the IAM role created by CloudFormation. Select the role and save its name and ARN. For example, arn:aws:iam::xxxxxxxxxxxx:role/SailPointCIEMAuditRoleStack.

  3. Select the Trust relationships tab and confirm the principal displays:

    • 874540850173 for Commercial accounts
    • 229634586956 for GovCloud accounts
  4. Select Policies and search for the IAM role created by CloudFormation. For example, "SailPointCIEMAuditPolicy".

  5. Select Permissions and verify the bucket name in the JSON.

  6. Ensure the policy allows s3:GetBucketLocation and s3:ListBucket actions on the CloudTrail bucket, and the s3:GetObject action on the S3 bucket contents.
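A scripted version of the trust-relationship and permission checks in steps 3 to 6, as an added example that is not part of SailPoint's documentation or tooling. It assumes the role's trust policy and the audit policy have been exported as JSON; the function names, the sample documents and the bucket name `example-cloudtrail-bucket` are constructed for illustration, and Deny statements and conditions are not evaluated.

```python
import re
from fnmatch import fnmatchcase

SAILPOINT_ACCOUNTS = {"commercial": "874540850173", "govcloud": "229634586956"}  # step 3

def _as_list(value):
    """IAM accepts a single string or a list for Action, Resource and Principal."""
    return [] if value is None else value if isinstance(value, list) else [value]

def trusted_accounts(trust_doc):
    """Return the AWS account IDs that Allow statements name as principals."""
    accounts = set()
    for stmt in _as_list(trust_doc.get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        for arn in _as_list(principal.get("AWS")):
            # Accept a bare 12-digit account ID or an IAM ARN in any partition.
            match = re.match(r"(?:arn:[^:]+:iam::)?(\d{12})(?::|$)", arn)
            if match:
                accounts.add(match.group(1))
    return accounts

def missing_s3_access(policy_doc, bucket, sample_key="AWSLogs/example.json.gz"):
    """Return required S3 actions that no Allow statement grants. Simplified: Deny,
    NotAction and Condition are not evaluated; sample_key is a constructed object key."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    required = {"s3:GetBucketLocation": bucket_arn, "s3:ListBucket": bucket_arn,
                "s3:GetObject": f"{bucket_arn}/{sample_key}"}
    missing = set(required)
    allowed = [s for s in _as_list(policy_doc.get("Statement")) if s.get("Effect") == "Allow"]
    for stmt in allowed:
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]  # actions ignore case
        resources = _as_list(stmt.get("Resource"))                   # ARNs are case-sensitive
        for action, target in required.items():
            if (any(fnmatchcase(action.lower(), a) for a in actions)
                    and any(fnmatchcase(target, r) for r in resources)):
                missing.discard(action)
    return sorted(missing)

# Constructed sample documents; the bucket name is a placeholder.
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"AWS": "arn:aws:iam::874540850173:root"}}]}
POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-cloudtrail-bucket"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-cloudtrail-bucket/*"}]}

if __name__ == "__main__":
    print(trusted_accounts(TRUST), missing_s3_access(POLICY, "example-cloudtrail-bucket"))
```

An empty list from `missing_s3_access` together with the expected account ID in `trusted_accounts` corresponds to a pass on steps 3 and 6.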

You can also view a summary of these details:

  1. Go to CloudFormation > Stacks.
  2. Select the stack.
  3. Choose the Parameters tab to view the key values for your configuration.

    AWS Stack details parameters tab with key values related to the AWS configuration.

Use this information to connect your AWS source with SailPoint CIEM.
