If you already have AWS integrated with Vanta, you can allow Vanta to read resources from the IAM Identity Center Identity Store.
- First, update the permissions of your "VantaAdditionalPermissions" policy in AWS. Add the following permissions to the "Allow" statement of the policy:
  - "identitystore:Describe*"
  - "identitystore:Get*"
  - "identitystore:IsMemberInGroups"
  - "identitystore:List*"
- After the policy has been updated, navigate to the Integrations page and select Manage > Edit on the AWS integration.
- Select the pencil icon next to your account.
- Enable the AWS IAM Identity Center option.
- You will find the Identity store ID and IAM Identity Center ARN on the Settings page of IAM Identity Center in the AWS console.