Amazon Web Services Connector—About User Permissions and Imported Data

The Cisco Secure Dynamic Attributes Connector imports dynamic attributes from AWS to Security Cloud Control for use in access control policies.

Dynamic attributes imported

We import the following dynamic attributes from AWS:

  • Tags, user-defined key-value pairs you can use to organize your AWS EC2 resources.

    For more information, see Tag your EC2 Resources in the AWS documentation

  • IP addresses of virtual machines in AWS.

Minimum permissions required

The Cisco Secure Dynamic Attributes Connector requires a user at minimum with a policy that permits ec2:DescribeTags, ec2:DescribeVpcs, and ec2:DescribeInstances to be able to import dynamic attributes.