Receptors & Integrations

Can the AWS receptor use narrower permissions?

It is possible to use more fine-grained permissions than the read-only profile provides, but doing so comes with challenges.

Trustero's AWS receptor instructions recommend creating an IAM user that uses the ReadOnlyAccess policy to provide access to the data the receptor needs to pull from AWS. That policy, while not allowing write access, still enables all read privileges. Sometimes customers wonder if that can be narrowed. The answer is yes, it can be narrowed, but doing so introduces potential maintenance tasks:

  1. AWS IAM permissions knowledge: you have to know which permissions to provide. This will be based on the AWS services you use and want to gather evidence from using the receptor.
  2. Additional IAM user configuration: you will need to configure the user to use those specific permissions. 
  3. Permissions maintenance/updates: if additional evidence is desired, you will need to update the permissions. This can happen because you start using services that you didn't use before or because the AWS receptor gains more capabilities (which happens fairly often).
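
A check for the maintenance task in point 3, as an added example (not Trustero's code): it compares a narrowed policy against the IAM actions you expect the receptor to need and reports the ones the policy does not grant. The policy and the action list are constructed samples, not Trustero's published requirements, and the check evaluates only Effect and Action (it ignores Resource, Condition and NotAction).

```python
import fnmatch
import json

# Constructed narrowed policy for the receptor's IAM user (sample only).
NARROW_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["iam:List*", "iam:GetAccountPasswordPolicy"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetBucket*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:GetBucketAcl", "Resource": "*"}
  ]
}
""")

# Hypothetical list of read actions needed for the evidence you want to collect.
NEEDED_ACTIONS = [
    "iam:ListUsers",
    "iam:GetAccountPasswordPolicy",
    "s3:GetBucketPolicy",
    "s3:GetBucketAcl",
    "ec2:DescribeInstances",
]

def _actions(stmt):
    """Return a statement's Action element as a list (IAM allows string or list)."""
    action = stmt.get("Action", [])
    return [action] if isinstance(action, str) else list(action)

def _matches(action, patterns):
    """IAM action names are case-insensitive and support * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def coverage_gaps(policy, needed):
    """List needed actions the policy does not grant; an explicit Deny overrides any Allow."""
    stmts = policy["Statement"]
    if isinstance(stmts, dict):  # a single statement may appear without a list
        stmts = [stmts]
    allow = [p for s in stmts if s["Effect"] == "Allow" for p in _actions(s)]
    deny = [p for s in stmts if s["Effect"] == "Deny" for p in _actions(s)]
    return sorted(a for a in needed if _matches(a, deny) or not _matches(a, allow))

if __name__ == "__main__":
    for action in coverage_gaps(NARROW_POLICY, NEEDED_ACTIONS):
        print("not granted:", action)
```

Re-running the check whenever the needed-action list changes shows which permissions to add before the receptor starts missing evidence.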

Related: How does Trustero ensure receptors (integrations) are secure?