Porting AWS Integrations Across Regions

Vanta users with an AWS integration must create an IAM role granting permissions to a Vanta AWS account. Vanta has different AWS accounts in NA and EU, and any customer migrating from NA to EU or vice versa will need to update their IAM role with Vanta’s other account. If this is not done, Vanta cannot integrate with AWS after the migration, which can result in incorrect data and test results.

Instructions   

  1. Open the AWS console and navigate to the vanta-auditor IAM role (https://console.aws.amazon.com/iamv2/home#/roles/details/vanta-auditor). This role should have been created when the Vanta integration was first set up.
  2. Open the Trust relationships tab and click the Edit trust policy button. The trust policy should look something like:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::XXXXXXXXXXXX:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "XXXXXXXXXXXXXXX"
            }
          }
        }
      ]
    }

  3. Replace the Principal AWS value as shown in the following example. Update only the Principal AWS value; leave the ExternalId intact.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "arn:aws:iam::956993596390:root",
              "arn:aws:iam::850507053895:root"
            ]
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "XXXXXXXXXXXXXXX"
            }
          }
        }
      ]
    }

  4. Repeat steps 1, 2 and 3 for every AWS account you have integrated with Vanta.
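
One way to check the edited trust policy before saving it, as an added example that is not Vanta's code: it compares the policy from step 2 with the one from step 3 and reports any principal other than the two ARNs shown above, a missing `sts:ExternalId` condition, or a changed ExternalId. The function names, the sample account ID `111111111111` and the sample ExternalId are assumptions made for illustration.

```python
import json

# Principal ARNs copied from the example trust policy on this page.
EXPECTED_PRINCIPALS = {
    "arn:aws:iam::956993596390:root",
    "arn:aws:iam::850507053895:root",
}

def _listify(value):
    """IAM accepts a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _summarise(policy_json):
    """Return (AWS principals, ExternalIds, any-statement-lacks-ExternalId)."""
    principals, external_ids, unconditioned = set(), set(), False
    for stmt in _listify(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow" or \
                "sts:AssumeRole" not in _listify(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        principals.update(["*"] if principal == "*" else _listify(principal.get("AWS", [])))
        ids = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        unconditioned = unconditioned or ids is None
        external_ids.update(_listify(ids or []))
    return principals, external_ids, unconditioned

def check_trust_policy(before_json, after_json):
    """Return a list of problems in the edited policy; an empty list means it passes."""
    _, old_ids, _ = _summarise(before_json)
    principals, new_ids, unconditioned = _summarise(after_json)
    problems = [f"missing principal: {a}" for a in sorted(EXPECTED_PRINCIPALS - principals)]
    problems += [f"unexpected principal: {a}" for a in sorted(principals - EXPECTED_PRINCIPALS)]
    if unconditioned:
        problems.append("AssumeRole statement without an sts:ExternalId condition")
    if new_ids != old_ids:
        problems.append("sts:ExternalId differs from the original policy")
    return problems

def sample_policy(principals, external_id):
    """Constructed sample input in the shape of the policies shown above."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principals}, "Action": "sts:AssumeRole"}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    before = sample_policy("arn:aws:iam::111111111111:root", "constructed-external-id")  # constructed
    after = sample_policy(sorted(EXPECTED_PRINCIPALS), "constructed-external-id")
    print(check_trust_policy(before, after) or "trust policy OK")
```

To use it on a real role, pass the JSON copied from the Edit trust policy editor before and after the change in place of the constructed samples.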