search

Connecting AWS to Osto

This guide walks you through securely connecting your AWS account to Osto for continuous visibility, scanning, and cloud security posture management.

  • Open the AWS Management Consolearrow-up-right and sign in with your AWS credentials.

  • You’ll need to collect a few identifiers and credentials during this setup — follow the steps below carefully.

1

hashtag
Find Your AWS Account ID

Your AWS Account ID uniquely identifies your AWS account and is required for integration.

To find it:

  • In the AWS Console, search for IAM.

  • Open the IAM (Identity and Access Management) service.

  • On the IAM Dashboard, locate the AWS Account section.

  • Copy the Account ID and save it — you’ll need it later.

2

hashtag
Create or Use an Existing IAM User

Osto connects to AWS using an IAM user with restricted, read-only permissions. If you don’t already have one, create it:

  • In the IAM sidebar, click Users.

  • Click Create user.

  • Enter a user name (for example, osto-cloud-security-posture-management).

  • Click Next.

3

hashtag
Assign Permissions to the IAM User

Osto requires read-only access to scan and assess your cloud resources. Assign the following AWS-managed policies:

  • Under Set permissions, choose Attach policies directly.

  • Search for and select the following policies:

    • SecurityAudit

    • ViewOnlyAccess

  • Click Next, review details, and then click Create user.

4

hashtag
Create Access Keys

Osto authenticates using access keys associated with your IAM user. To create one:

  • Return to IAM → Users.

  • Click on the user you created.

  • Go to the Security credentials tab.

  • Scroll down to Access keys and click Create access key.

  • Choose Third-party service (for integrations and monitoring).

  • Check the confirmation box and click Next.

5

hashtag
(Optional) Add a Description Tag

  • Add a tag description such as "Osto integration key for monitoring resources".

  • Click Create access key.

6

hashtag
Retrieve and Secure Your Keys

After the access key is created, the console will display:

  • Access Key ID

  • Secret Access Key

triangle-exclamation

The Secret Access Key is only shown once. Copy and store it securely — if it’s lost, you must create a new key.

Click Done after securely saving both values.

7

hashtag
Fill in the Osto Cloud Connector Form

In the Osto platform, open the Connect a Cloud Provider window and select Amazon Web Services (AWS).

Fill in the fields as follows:

  • Name: A friendly name for your AWS connection (e.g., “Prod AWS Account”).

  • Description: Optional description for easier identification.

  • AWS Account ID: The account ID you copied earlier.

  • Access Key ID: The Access Key ID from the IAM user you created.

  • Secret Access Key: The Secret Access Key generated in the previous step.

Once filled, click Connect to authenticate and establish the integration.

8

hashtag
Verify Connection

After connecting successfully:

  • Your AWS assets will start syncing automatically.

  • The Osto Dashboard will display asset count and necessary metrics.

  • The connector’s status will change to Active.

hashtag
Permissions Reference

At minimum, the IAM user must have:

  • SecurityAudit

  • ViewOnlyAccess

If your organization enforces least privilege, you may instead assign a custom IAM role restricted to Osto’s required read-only actions.

hashtag
Summary of Required Values

Parameter
Source
Example

AWS Account ID

IAM Dashboard → AWS Account

123456789012

Access Key ID

IAM → Users → Security credentials

AKIAIOSFODNN7EXAMPLE

Secret Access Key

Shown once upon key creation

wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

hashtag
Troubleshooting (expandable)

chevron-rightVerify attached policies if connection failshashtag

If the connection fails, verify that the IAM user has both SecurityAudit and ViewOnlyAccess policies attached.

chevron-rightCheck Access Key and Secrethashtag

Double-check that your Access Key ID and Secret Access Key are correct.

chevron-rightLost Secret Access Keyhashtag

If the Secret Access Key is lost, create a new access key — it cannot be retrieved later.

chevron-rightNetwork connectivityhashtag

Ensure your network allows outbound connections to Osto’s API endpoints.

PreviousConnecting Microsoft Azure to OstoNextConnecting GCP to Osto

Last updated