# Connecting AWS to Osto

* Open the [AWS Management Console](https://aws.amazon.com/console/) and sign in with your AWS credentials.
* You’ll need to collect a few identifiers and credentials during this setup — follow the steps below carefully.

{% stepper %}
{% step %}

### Find Your AWS Account ID

Your **AWS Account ID** uniquely identifies your AWS account and is required for integration.

To find it:

* In the AWS Console, search for **IAM**.
* Open the **IAM (Identity and Access Management)** service.

<figure><img src="/files/w3HkSUkG8AOLkM0CnJlo" alt=""><figcaption></figcaption></figure>

* On the **IAM Dashboard**, locate the **AWS Account** section.

<figure><img src="/files/2a0A1eGI4q93O2RFaZTq" alt=""><figcaption></figcaption></figure>

* Copy the **Account ID** and save it — you’ll need it later.
  {% endstep %}

{% step %}

### Create or Use an Existing IAM User

Osto connects to AWS using an IAM user with restricted, read-only permissions. If you don’t already have one, create it:

* In the IAM sidebar, click **Users**.
* Click **Create user**.

<figure><img src="/files/CHY9O55ey9Ss9tgbRY3E" alt=""><figcaption></figcaption></figure>

* Enter a user name (for example, `osto-cloud-security-posture-management`).
* Click **Next**.

<figure><img src="/files/VXqDks5HXcUkjA1036hl" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Assign Permissions to the IAM User

Osto requires read-only access to scan and assess your cloud resources. Assign the following AWS-managed policies:

* Under **Set permissions**, choose **Attach policies directly**.
* Search for and select the following policies:
  * **SecurityAudit**
  * **ViewOnlyAccess**

<figure><img src="/files/hdvk6SaxIOE1JkcLiaMe" alt=""><figcaption></figcaption></figure>

* Click **Next**, review details, and then click **Create user**.
  {% endstep %}

{% step %}

### Create Access Keys

Osto authenticates using access keys associated with your IAM user. To create one:

* Return to **IAM → Users**.
* Click on the user you created.
* Go to the **Security credentials** tab.
* Scroll down to **Access keys** and click **Create access key**.

<figure><img src="/files/aALovZgoEBq0VpeOEAEC" alt=""><figcaption></figcaption></figure>

* Choose **Third-party service** (for integrations and monitoring).
* Check the confirmation box and click **Next**.

<figure><img src="/files/8Tpdv6DwqANndgWeN7cE" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### (Optional) Add a Description Tag

* Add a tag description such as **"Osto integration key for monitoring resources"**.
* Click **Create access key**.

<figure><img src="/files/vSa1l0DkXtMuOteIN6Wr" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Retrieve and Secure Your Keys

After the access key is created, the console will display:

* **Access Key ID**
* **Secret Access Key**

<figure><img src="/files/qkX5g1ljvhF2orm0mcGK" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
The Secret Access Key is only shown once. Copy and store it securely — if it’s lost, you must create a new key.
{% endhint %}

Click **Done** after securely saving both values.
{% endstep %}

{% step %}

### Fill in the Osto Cloud Connector Form

In the Osto platform, open the **Connect a Cloud Provider** window and select **Amazon Web Services (AWS)**.

Fill in the fields as follows:

* **Name:** A friendly name for your AWS connection (e.g., “Prod AWS Account”).
* **Description:** Optional description for easier identification.
* **AWS Account ID:** The account ID you copied earlier.
* **Access Key ID:** The Access Key ID from the IAM user you created.
* **Secret Access Key:** The Secret Access Key generated in the previous step.

Once filled, click **Connect** to authenticate and establish the integration.
{% endstep %}

{% step %}

### Verify Connection

After connecting successfully:

* Your AWS assets will start syncing automatically.
* The **Osto Dashboard** will display asset count and necessary metrics.
* The connector’s status will change to **Active**.
  {% endstep %}
  {% endstepper %}

## Permissions Reference

At minimum, the IAM user must have:

* `SecurityAudit`
* `ViewOnlyAccess`

If your organization enforces least privilege, you may instead assign a custom IAM role restricted to Osto’s required read-only actions.
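The check below is an added example, not part of Osto's tooling: it compares the JSON printed by `aws iam list-attached-user-policies --user-name <user>` against the two policies listed above and flags anything else attached to what should be a read-only user. It also validates the Account ID and Access Key ID before they go into the connector form. The function names and the sample output are constructed for illustration.

```python
import json
import re

# ARNs of the two AWS-managed policies this guide attaches to the Osto user.
REQUIRED = {
    "SecurityAudit": "arn:aws:iam::aws:policy/SecurityAudit",
    "ViewOnlyAccess": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
}

# Constructed sample of `aws iam list-attached-user-policies` output:
# ViewOnlyAccess is missing and a write-capable policy is attached.
SAMPLE_CLI_OUTPUT = json.dumps({"AttachedPolicies": [
    {"PolicyName": "SecurityAudit",
     "PolicyArn": "arn:aws:iam::aws:policy/SecurityAudit"},
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
]})

def check_attached_policies(cli_json):
    """Report required policies that are missing and any extra ones attached."""
    attached = {p["PolicyArn"]
                for p in json.loads(cli_json).get("AttachedPolicies", [])}
    return {
        "missing": sorted(n for n, arn in REQUIRED.items() if arn not in attached),
        "unexpected": sorted(attached - set(REQUIRED.values())),
    }

def check_connector_values(account_id, access_key_id):
    """Catch malformed form values before they are submitted."""
    problems = []
    if not re.fullmatch(r"\d{12}", account_id):
        problems.append("account_id: expected exactly 12 digits")
    if access_key_id.startswith("ASIA"):
        # ASIA-prefixed keys are temporary STS credentials, not IAM user keys.
        problems.append("access_key_id: temporary STS key, not an IAM user key")
    elif not re.fullmatch(r"AKIA[A-Z0-9]{12,124}", access_key_id):
        problems.append("access_key_id: expected an IAM user key starting with AKIA")
    return problems

if __name__ == "__main__":
    print(check_attached_policies(SAMPLE_CLI_OUTPUT))
    print(check_connector_values("1234-5678-9012", "AKIAIOSFODNN7EXAMPLE"))
```

Inline policies are not included in `list-attached-user-policies`; `aws iam list-user-policies` lists them separately.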

## Summary of Required Values

| Parameter         | Source                             | Example                                    |
| ----------------- | ---------------------------------- | ------------------------------------------ |
| AWS Account ID    | IAM Dashboard → AWS Account        | `123456789012`                             |
| Access Key ID     | IAM → Users → Security credentials | `AKIAIOSFODNN7EXAMPLE`                     |
| Secret Access Key | Shown once upon key creation       | `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY` |

## Troubleshooting

<details>

<summary>Verify attached policies if connection fails</summary>

If the connection fails, verify that the IAM user has both **SecurityAudit** and **ViewOnlyAccess** policies attached.

</details>

<details>

<summary>Check Access Key and Secret</summary>

Double-check that your **Access Key ID** and **Secret Access Key** are correct.

</details>

<details>

<summary>Lost Secret Access Key</summary>

If the **Secret Access Key** is lost, create a new access key — it cannot be retrieved later.

</details>

<details>

<summary>Network connectivity</summary>

Ensure your network allows outbound connections to Osto’s API endpoints.

</details>


