Accessium

Accessium is able to integrate with your AWS organisation and give you a complete view of who can access your AWS accounts.

In order to keep your AWS organisation secure, we don't use AWS Access keys. Instead, we federate access using your company's unique Accessium service account. This means that there is no possibility of your credentials being leaked and we generate an access token every time we need to manage your AWS instance. This is significantly more secure than other access methods, however there are a few steps to set this up.

Setting up Accessium for Federated Access

Within Accessium, navigate to New App &gt; AWS. You'll see the AWS policy that you'll need ​

Log in to your AWS Organisation, Search for IAM, then select <code>Roles</code> from the sidebar.

Then Click on the <code>Create role</code> button ​

Select <code>Custom Trust Policy</code> as your trusted entity Type ​

Paste the trust policy directly from Accessium

Add the following permissions to the role: <code>IAMFullAccess</code> <code>AWSOrganizationsReadOnlyAccess</code>

<code>AWSSSOMemberAccountAdministrator</code> This is required to manage the roles for your organisation. ​

Give your role a memorable name, we recommend <code>AccessiumIntegration</code> just so you know what it's used for. Check the role details then click <code>Create role</code> at the bottom of the page ​

Once your role is created, you'll see the role in your Roles page ​

Click on the Role name to open the detail page and get the ARN. ​

Navigate back to Accessium and paste in your ARN. Click <code>Validate</code> and Accessium will load all the accounts that the role can access. Select the roles that you want to manage, configure your approval flow then click Add App

1. Get your AWS policy
 Within Accessium, navigate to New App &gt; AWS. You'll see the AWS policy that you'll need ​

2. Create your IAM Role
 Log in to your AWS Organisation, Search for IAM, then select <code>Roles</code> from the sidebar.
 
 Then Click on the <code>Create role</code> button ​

3. Choose your Entity
 Select <code>Custom Trust Policy</code> as your trusted entity Type ​

4. Configure the trust policy
 Paste the trust policy directly from Accessium
 
 
 
5. Add the following permissions to the role: <code>IAMFullAccess</code> <code>AWSOrganizationsReadOnlyAccess</code>
 <code>AWSSSOMemberAccountAdministrator</code> This is required to manage the roles for your organisation. ​
 
 
6. Name your Role
 Give your role a memorable name, we recommend <code>AccessiumIntegration</code> just so you know what it's used for. Check the role details then click <code>Create role</code> at the bottom of the page ​
 
 
7. Get your Role ARN
 Once your role is created, you'll see the role in your Roles page ​
 
 Click on the Role name to open the detail page and get the ARN. ​
 
 
8. Validate your ARN:
 Navigate back to Accessium and paste in your ARN. Click <code>Validate</code> and Accessium will load all the accounts that the role can access. Select the roles that you want to manage, configure your approval flow then click Add App