Minimum AWS permissions to launch Plerion CloudFormation stack

You need the following minimum AWS permissions to launch the Plerion CloudFormation stack and enable CSPM, CIEM, and CWPP capabilities.

Attach this policy to the IAM role or user that will deploy the Plerion stack.
After the stack has been successfully launched, you can remove the policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "cloudformation:GetTemplateSummary",
                "cloudformation:CreateStack",
                "cloudformation:DescribeStackEvents",
                "cloudformation:DescribeStacks",
                "cloudformation:ListStacks",
                "cloudformation:ListStackResources",
                "iam:GetPolicy",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:CreateRole",
                "iam:CreatePolicy",
                "iam:ListPolicyVersions",
                "iam:ListRoles",
                "iam:PutRolePolicy",
                "iam:AttachRolePolicy",
                "iam:PassRole",
                "iam:TagRole",
                "iam:CreateInstanceProfile",
                "iam:AddRoleToInstanceProfile",
                "iam:GetInstanceProfile",
                "lambda:CreateFunction",
                "lambda:GetFunction",
                "lambda:InvokeFunction",
                "lambda:TagResource"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Linking target accounts to an AWS service account Provide Plerion access to KMS keys

Getting started

Administration

Integrations

Platform