AWS Integration

How to integrate Accessium with your AWS Organisation.

Written by James Cottrill
Updated this week

Accessium is able to integrate with your AWS organisation and give you a complete view of who can access your AWS accounts.

To keep your AWS organisation secure, we don't use AWS access keys. Instead, we federate access using your company's unique Accessium service account, and we generate an access token every time we need to manage your AWS instance. This means that there is no possibility of your credentials being leaked. This is significantly more secure than other access methods; however, there are a few steps to set this up.

Setting up Accessium for Federated Access

  1. Get your AWS policy

    Within Accessium, navigate to New App > AWS.
    You'll see the AWS policy that you'll need.

  2. Create your IAM Role

    Log in to your AWS Organisation, search for IAM, then select Roles from the sidebar.

    Then click on the Create role button.

  3. Choose your Entity

    Select Custom Trust Policy as your trusted entity type.

  4. Configure the trust policy

    Paste the trust policy directly from Accessium.

  5. Add the IAMFullAccess and AWSOrganizationsReadOnlyAccess permissions to the role. This is required to manage the roles for your organisation.

  6. Name your Role

    Give your role a memorable name. We recommend AccessiumIntegration, so you know what it's used for. Check the role details, then click Create role at the bottom of the page.

  7. Get your Role ARN

    Once your role is created, you'll see the role in your Roles page.

    Click on the Role name to open the detail page and get the ARN.

  8. Validate your ARN

    Navigate back to Accessium and paste in your ARN. Click Validate and Accessium will load all the accounts that the role can access. Select the roles that you want to manage, configure your approval flow, then click Add App.
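
Before pasting a trust policy in step 4, it is worth checking who it actually lets assume the role. The following is an added example, not Accessium's code or the policy it generates: `review_trust_policy`, the sample policy, `idp.example.com` and the subject value are all constructed for illustration.

```python
import json

# Constructed sample, NOT the policy Accessium generates. idp.example.com and
# the subject value are placeholders for whatever the New App > AWS screen shows.
SAMPLE_PINNED = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Federated": "idp.example.com"},
  "Action": "sts:AssumeRoleWithWebIdentity",
  "Condition": {"StringEquals": {"idp.example.com:sub": "EXAMPLE-SERVICE-ACCOUNT-ID"}}
}]}
""")

def _as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy):
    """Return findings for the Allow statements of a role trust policy."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        kinds = principal if isinstance(principal, dict) else {}
        actions = [str(a) for a in _as_list(stmt.get("Action"))]
        # Flatten {"StringEquals": {"key": ...}} into lower-cased condition keys.
        cond_keys = [k.lower() for op in (stmt.get("Condition") or {}).values() for k in op]

        if principal == "*" or any("*" in _as_list(v) for v in kinds.values()):
            findings.append(f"statement {i}: wildcard principal, any identity can assume the role")
        if any("*" in a for a in actions):
            findings.append(f"statement {i}: wildcard in Action")
        if "Federated" in kinds and not any(k.endswith((":sub", ":aud")) for k in cond_keys):
            findings.append(f"statement {i}: federated principal not pinned by a :sub or :aud condition")
        if "AWS" in kinds and "sts:externalid" not in cond_keys:
            findings.append(f"statement {i}: cross-account principal without sts:ExternalId")
    return findings

if __name__ == "__main__":
    for finding in review_trust_policy(SAMPLE_PINNED) or ["no findings"]:
        print(finding)
```

An empty result means the policy names a specific principal and, for federated access, pins it with a condition. Because step 5 attaches IAMFullAccess, any finding should be resolved before the role is created.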
