Amazon Web Services Connector—About User Permissions and Imported Data
The Cisco Secure Dynamic Attributes Connector imports dynamic attributes from AWS to CDO for use in access control policies.
Dynamic attributes imported
We import the following dynamic attributes from AWS:
-
Tags, user-defined key-value pairs you can use to organize your AWS EC2 resources.
For more information, see Tag your EC2 Resources in the AWS documentation
-
IP addresses of virtual machines in AWS.
Minimum permissions required
The Cisco Secure
Dynamic Attributes Connector requires a user at minimum with a policy that permits ec2:DescribeTags, ec2:DescribeVpcs, and ec2:DescribeInstances to be able to import dynamic attributes.