You can use AWS IAM to securely control access to your AWS resources. To integrate with Skyhigh CASB, use IAM role-based authentication: create a role in AWS that trusts a Skyhigh CASB AWS account. When completing the integration, enter the ARN of each role, which gives Skyhigh CASB appropriate access to your organization's AWS account(s). Keys are never exchanged as part of this process.
For more information about IAM, see https://aws.amazon.com/iam/faqs/
To configure an IAM role for Skyhigh CASB:
- In an AWS account that contains CloudTrail logs:
  To use the Compliance Policies, grant the ReadOnlyAccess permissions, or the minimal required permissions detailed in Configure Skyhigh CASB IAM Roles for AWS.
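
One way to check the trust policy on the role you created, as an added example that is not Skyhigh's or AWS's own code: it flags any principal other than the expected Skyhigh CASB account. The account ID `111122223333` and both sample policies are constructed placeholders, and the optional `sts:ExternalId` check assumes your integration supplies an external ID, which this page does not state.

```python
import json

# Placeholder account ID (constructed); substitute the Skyhigh CASB account ID given for your tenant.
TRUSTED_ACCOUNT = "111122223333"
# Constructed sample trust policies: one narrow, one that also trusts every AWS principal.
GOOD_POLICY = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:root"},"Action":"sts:AssumeRole"}]}'
BAD_POLICY = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam::111122223333:root","*"]},"Action":"sts:AssumeRole"}]}'

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID from a bare account ID or an IAM ARN, else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam":
        return parts[4]
    return None

def audit_trust_policy(policy_json, trusted_account=TRUSTED_ACCOUNT, external_id=None):
    """Return a list of findings; an empty list means trust is limited to trusted_account."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who may assume the role
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: wildcard or malformed principal {principal!r}")
            continue
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind != "AWS":
                    findings.append(f"statement {i}: unexpected {kind} principal {p}")
                elif p == "*":
                    findings.append(f"statement {i}: any AWS principal may assume the role")
                elif _account_of(p) != trusted_account:
                    findings.append(f"statement {i}: trusts account other than {trusted_account}: {p}")
        if external_id is not None:  # assumption: only checked when an external ID is supplied
            cond = {k.lower(): v for k, v in stmt.get("Condition", {}).get("StringEquals", {}).items()}
            if cond.get("sts:externalid") != external_id:
                findings.append(f"statement {i}: missing or wrong sts:ExternalId condition")
    return findings
```

Feed it the trust policy document of each role whose ARN you enter during the integration; any finding means the role can be assumed by more than the intended account.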