Create Custom Policy

To evaluate controls related to Elastic File System (EFS) and API Gateway resources in your cloud environment, you need to assign additional permissions to the IAM role associated with the AWS connector.

Note: These additional permissions are not required for Cloud Inventory users.

You can create a new policy with the required permissions and attach the policy to the IAM role associated with the AWS connector.

Create the Custom Policy

1 - Log in to your Amazon Web Services (AWS) IAM console at https://console.aws.amazon.com/iam/ as a user that has administrator permissions.
2 - In the navigation pane, choose Policies.
3 - In the content pane, choose Create policy.
4 - Choose the JSON tab. Paste the following text into the JSON text box.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"QualysEFSPolicyPermissions",
         "Effect":"Allow",
         "Action":[
            "elasticfilesystem:DescribeFileSystemPolicy"
         ],
         "Resource":"*"
      },
      {
         "Sid":"QualysAPIGatewayGetPermissions",
         "Effect":"Allow",
         "Action":"apigateway:GET",
         "Resource":"arn:aws:apigateway:*::/restapis/*"
      }
   ]
}

5 - Click Next: Tags.

6 - Provide a name and description for the policy and then click Create policy. For example, let us create Sample_Custom_Policy. 

The policy is created with the required permissions. The next step is to associate the policy with the IAM role associated with the connector.
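
Before attaching the policy, you can confirm that the document grants nothing beyond the two read actions shown in step 4. The following Python check is an added example, not part of the original procedure; the names audit_policy, EXPECTED and PAGE_POLICY are chosen for illustration, and the reference document is the step 4 policy reproduced inline.

```python
import json

# Actions granted by the policy in step 4 of this page, keyed by Sid.
EXPECTED = {
    "QualysEFSPolicyPermissions": {"elasticfilesystem:describefilesystempolicy"},
    "QualysAPIGatewayGetPermissions": {"apigateway:get"},
}

# The policy document from step 4, reproduced as the reference input.
PAGE_POLICY = """
{"Version":"2012-10-17","Statement":[
 {"Sid":"QualysEFSPolicyPermissions","Effect":"Allow",
  "Action":["elasticfilesystem:DescribeFileSystemPolicy"],"Resource":"*"},
 {"Sid":"QualysAPIGatewayGetPermissions","Effect":"Allow",
  "Action":"apigateway:GET","Resource":"arn:aws:apigateway:*::/restapis/*"}]}
"""

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(text):
    """Return findings where the document grants more than the page's policy."""
    findings = []
    statements = json.loads(text).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for stmt in statements:
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything not listed")
        allowed = EXPECTED.get(sid, set())
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action.lower() not in allowed:  # action names are case-insensitive
                findings.append(f"{sid}: action {action} is not in the page's policy")
        if sid == "QualysAPIGatewayGetPermissions":
            for res in as_list(stmt.get("Resource", [])):
                if "/restapis/" not in res:
                    findings.append(f"{sid}: resource {res} is not limited to /restapis/")
    return findings

if __name__ == "__main__":
    for line in audit_policy(PAGE_POLICY) or ["OK: matches the page's policy"]:
        print(line)
```

An empty result means the document matches the policy above; any finding names the statement and the action or resource that widens it.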

Attach Policy To The IAM Role

Once you create the policy, attach it to the role associated with the connector.

1 - Log in to your Amazon Web Services (AWS) IAM console at https://console.aws.amazon.com/iam/ as a user that has administrator permissions.
2 - In the navigation pane, choose Roles.
3 - Select the IAM Role being used by the connector.
4 - Choose the Permissions tab and click Attach Policies.
5 - Find the policy you created (example: Sample_Custom_Policy) and click Attach Policy.