Help CenterTo manage your AWS account and install the Braid platform, we require a specific IAM role with limited access. We have designed a simple and consistent deployment process using a small CloudFormation file. This file, when deployed, will automatically create the necessary role with predefined permissions.
Follow this link to get started: Braid Client Role Deployment.
WHY
Setting up this role is essential for securely integrating your AWS account with Braid. This approach provides:
-
Secure Remote Access: The role grants us controlled access to your AWS account through our AWS organization, ensuring that no other third party can gain unauthorized access.
-
Restricted IAM Permissions: The role is designed without permissions to create, modify, or delete IAM users and policies, preventing any potential security risks or privilege escalations.
-
CloudTrail Integrity: The role does not have permissions to disable or delete AWS CloudTrail. This ensures that all account activity remains logged and auditable, providing full transparency and security compliance.
-
Consistent and Scalable Management: By using a CloudFormation template, we ensure that every deployment follows a uniform and secure configuration, reducing complexity and minimizing the risk of misconfigurations.
By deploying this role, you enable us to manage your AWS environment securely while ensuring strict access controls and auditability.