Amazon Web Services

Overview

Heeler supports broad visibility into Amazon Web Services and can be configured to onboard and stream inventory data from all accounts via AWS Organization or individually on a single account. It is recommended to connect via AWS Organization to simplify onboarding and to ensure complete visibility as your cloud footprint grows.

To enable near real-time collection for deployment changes, it is recommended to setup AWS Event Collection.

Setup Options

Heeler provides templates for setup using CloudFormation or Terraform. AWS CLI instructions are also be provided.

The On-Boarding wizard in Heeler will walk you through the setup and automate launching of CloudFormation templates when chosen.

Please see the Organization (Recommended) or Account Level setup instructions:

• AWS Organization Setup

• AWS Single Account Setup

Required Permissions for Setup

The following AWS permissions are required for the role which is setting up Heeler. These are needed to successfully run the CloudFormation or Terraform template for the AWS Organization level setup.

cloudformation:CreateStackSet
cloudformation:UpdateStackSet
cloudformation:DeleteStackSet
cloudformation:CreateStackInstances
cloudformation:DeleteStackInstances
cloudformation:DescribeStackSet
cloudformation:ListStackInstances
iam:CreateRole
iam:UpdateAssumeRolePolicy
iam:PutRolePolicy
iam:DeleteRolePolicy
iam:TagRole
iam:GetRole
iam:ListRoles
iam:CreatePolicy
iam:AttachRolePolicy
iam:DeletePolicy
iam:DetachRolePolicy
iam:GetPolicy
iam:GetPolicyVersion
iam:ListPolicies
iam:CreateServiceLinkedRole

You can confirm whether these permissions are in place by running this permission check script while signed in to your target AWS account: