Verifying Your AWS Configuration
When you have finished connecting your AWS accounts, you should verify the configuration was successful.
To verify your configuration:
- In the AWS Console IAM service, select Roles.
- Search for the IAM role created by CloudFormation. Select the role and save its name and ARN. For example, arn:aws:iam::xxxxxxxxxxxx:role/SailPointCIEMAuditRoleStack.
- Select the Trust relationships tab and confirm the principal displays:
  - 874540850173 for Commercial accounts
  - 229634586956 for GovCloud accounts
- Select Policies and search for the IAM role created by CloudFormation. For example, "SailPointCIEMAuditPolicy".
- Select Permissions and verify the bucket name in the JSON.
  - Ensure the policy allows s3:GetBucketLocation and s3:ListBucket actions on the CloudTrail bucket, and the s3:GetObject action on the S3 bucket contents.
You can also view a summary of these details:
- Go to CloudFormation > Stacks.
- Select the stack.
- Choose the Parameters tab to view the key values for your configuration.
Use this information to connect your AWS source with SailPoint CIEM.
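The trust relationship and bucket permission checks from the procedure above can also be run against the policy JSON copied from the IAM console. The following is an added example, not SailPoint's code; the function names, the bucket name example-cloudtrail-bucket, and the sample documents are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Principal account IDs listed in the procedure above.
EXPECTED = {"commercial": "874540850173", "govcloud": "229634586956"}

def as_list(value):
    # IAM accepts a single string or a list for Action, Resource and Principal.
    return value if isinstance(value, list) else [] if value is None else [value]

def trust_ok(trust_policy, account_type):
    """True if an Allow statement lets the expected account call sts:AssumeRole."""
    for stmt in as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue  # a bare "*" principal is not the expected account
        if "sts:assumerole" not in [a.lower() for a in as_list(stmt.get("Action"))]:
            continue
        for p in as_list(principal.get("AWS")):
            m = re.fullmatch(r"(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?", p)
            if m and m.group(1) == EXPECTED[account_type]:
                return True
    return False

def missing_s3(policy, bucket, partition="aws"):
    """Required (action, resource) pairs no Allow grants; Deny/Condition not evaluated."""
    arn = f"arn:{partition}:s3:::{bucket}"
    required = [("s3:GetBucketLocation", arn), ("s3:ListBucket", arn),
                ("s3:GetObject", arn + "/AWSLogs/sample.json.gz")]  # constructed key
    def granted(action, resource):
        return any(
            stmt.get("Effect") == "Allow"
            and any(fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt.get("Action")))
            and any(fnmatchcase(resource, r) for r in as_list(stmt.get("Resource")))
            for stmt in as_list(policy.get("Statement")))
    return [pair for pair in required if not granted(*pair)]

# Constructed sample documents; GetObject is scoped to the bucket ARN, not its objects.
SAMPLE_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                               "Principal": {"AWS": "arn:aws:iam::874540850173:root"}}]}
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-cloudtrail-bucket"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-cloudtrail-bucket"}]}

if __name__ == "__main__":
    print("trust ok:", trust_ok(SAMPLE_TRUST, "commercial"))
    print("missing:", missing_s3(SAMPLE_POLICY, "example-cloudtrail-bucket"))
```

The sample permission policy is flagged because s3:GetObject is granted on the bucket ARN itself; the object-level action needs a resource that covers the bucket contents, such as the bucket ARN followed by /*.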