Amazon Web Services

AWS Source

ThreatKey supports discovery, monitoring, and automatic resolution of security findings for Amazon Web Services accounts.


To connect an AWS account, you can either:

  • Manually create AWS IAM roles or users with the appropriate permissions.
  • Use the CloudFormation-based connection wizard to setup AWS IAM roles.

Roles are recommended

Although the manual connection process allows uploading AWS IAM user keys, it is best practice to instead use AWS IAM roles. The documentation below will only refer to roles for readability's sake, but AWS IAM user access keys are supported as well.

Both enrollment flows guide you through the steps to create two AWS IAM roles in your AWS account.

  • A read-only role, which is by default called ThreatKeyAudit. This role is used to evaluate AWS asset details.
  • A role with the AdministratorAccess policy, which is by default called ThreatKey. This role is used to set up both the read-only role and Cloudtrail event forwarding.


As of 2021/11/05, the permissions required for the two roles are as follows:

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us