The permissions required for the AWS and Azure integrations are listed below.
AWS API Inventory Scanning
{
  "Action": [
    "apigateway:GET",
    "elasticloadbalancing:DescribeSSLPolicies",
    "elasticloadbalancing:DescribeLoadBalancers",
    "elasticloadbalancing:DescribeListeners",
    "elasticloadbalancing:DescribeTags",
    "elasticloadbalancing:DescribeListenerCertificates",
    "elasticloadbalancing:DescribeRules",
    "wafv2:ListWebACLs",
    "wafv2:GetWebACL",
    "waf:ListWebACLs",
    "waf:GetWebACL",
    "lambda:ListFunctions",
    "lambda:ListFunctionUrlConfigs",
    "lambda:GetFunctionUrlConfig",
    "lambda:GetFunction",
    "lambda:ListTags",
    "appsync:ListGraphqlApis",
    "appsync:GetGraphqlApi",
    "appsync:GetSchemaCreationStatus",
    "appsync:GetIntrospectionSchema",
    "appsync:ListDomainNames",
    "appsync:GetApiAssociation"
  ],
  "Resource": "*",
  "Effect": "Allow"
}
Azure API Inventory Scanning
Assign the IAM role of Reader.
FireTail API Gateway logging in an AWS Region with AWS Lambda
{
  "Effect": "Allow",
  "Action": "apigateway:PATCH",
  "Resource": [
    "arn:aws:apigateway:*::/restapis/*",
    "arn:aws:apigateway:*::/apis/*/stages/*"
  ]
}
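An added example, not FireTail's own code: a Python check to run before attaching the two AWS statements above, confirming that the inventory statement grants only read actions and that the logging statement's write action is limited to named resources rather than "*". The read-verb prefix list and the function names are assumptions made for this example.

```python
import json

# Verb prefixes treated as read-only (a heuristic assumed for this example).
# API Gateway actions are HTTP verbs, so "apigateway:GET" matches "get".
READ_PREFIXES = ("get", "list", "describe")

# The two AWS statements from this page.
INVENTORY = json.loads("""{"Effect": "Allow", "Resource": "*", "Action": [
  "apigateway:GET", "elasticloadbalancing:DescribeSSLPolicies",
  "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeListeners",
  "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeListenerCertificates",
  "elasticloadbalancing:DescribeRules", "wafv2:ListWebACLs", "wafv2:GetWebACL",
  "waf:ListWebACLs", "waf:GetWebACL", "lambda:ListFunctions",
  "lambda:ListFunctionUrlConfigs", "lambda:GetFunctionUrlConfig", "lambda:GetFunction",
  "lambda:ListTags", "appsync:ListGraphqlApis", "appsync:GetGraphqlApi",
  "appsync:GetSchemaCreationStatus", "appsync:GetIntrospectionSchema",
  "appsync:ListDomainNames", "appsync:GetApiAssociation"]}""")
LOGGING = json.loads("""{"Effect": "Allow", "Action": "apigateway:PATCH", "Resource": [
  "arn:aws:apigateway:*::/restapis/*", "arn:aws:apigateway:*::/apis/*/stages/*"]}""")


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def is_read_only(action):
    """True when the part after 'service:' starts with a read-only verb."""
    _, _, name = action.partition(":")
    return name.lower().startswith(READ_PREFIXES)


def mutating_grants(statement):
    """List (action, resource, scoped) for every non-read action an Allow grants.

    scoped is False when the resource is the bare wildcard "*".
    """
    if statement.get("Effect") != "Allow":
        return []
    return [(action, resource, resource != "*")
            for action in as_list(statement["Action"]) if not is_read_only(action)
            for resource in as_list(statement["Resource"])]


if __name__ == "__main__":
    for label, stmt in (("inventory", INVENTORY), ("logging", LOGGING)):
        grants = mutating_grants(stmt)
        print(label, "read-only" if not grants else grants)
```

A read-only result does not mean low sensitivity: lambda:GetFunction, for example, returns a download link for the function's deployment package.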
Learn how to set up the following integrations: