rutuja.tilekar
Last updated: 29 October 2025
In this article, you will find:
A step-by-step guide for configuring your Amazon Web Services (AWS) environment, and integrating it with the OneClickComply platform.
Note: This guide is separated into two sections. You must follow the steps in the first section before moving on to the next, as incorrectly configuring your AWS environment will result in an unsuccessful integration.
In order to establish a connection between the OneClickComply platform and your AWS environment, we require the use of an IAM (Identity and Access Management) user with read-only permissions. The first section of this guide has been designed to walk you through that process.
Note: There are multiple IAM User areas within AWS. Please ensure you follow the guide below carefully, otherwise you may configure your AWS account incorrectly, delaying integration.
From your AWS dashboard, type 'IAM' into the search.
Select Users from the Access Management dropdown on the left-hand side.
From here, please select Create User. (You may use a pre-existing account for this process, however we would recommend creating a new IAM user to make tracking and troubleshooting easier).
Add a memorable name for this account. We suggest something such as 'OneClickComply AWS Connection'.
Once named, click the Next button to move to the Permissions page. (If you chose to use a pre-existing IAM user, go to the account, click the Permissions tab, then Add Permissions, and then Add Permissions again).
Select Attach policies directly.
Change the 'Filter by Type' to AWS managed - job function.
Type 'Read' into the search box and tick ReadOnlyAccess.

Add permissions - ReadOnlyAccess policy
Next, search for Security, and tick SecurityAudit.

Add permissions - SecurityAudit policy
Click Next.
Once on the Review and create screen, please ensure that you have selected the correct permissions before continuing.
Select Create User.
Once the user has been successfully created (or you have assigned the correct permissions to the pre-existing account), select the user again.
Back on the user screen, click the Add Permissions dropdown (located within the Permissions tab in the middle of the page) and select Create Inline Policy.

Add permissions dropdown showing the create inline policy option in AWS
Click the JSON button within the Policy Editor area.
Delete the current contents of the JSON editor, and paste in the content below.
Note - Please ensure that the formatting is also carried over. Incorrect formatting may lead to permissions being applied incorrectly.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "account:Get*",
                "appstream:Describe*",
                "appstream:List*",
                "backup:List*",
                "backup:Get*",
                "bedrock:List*",
                "bedrock:Get*",
                "cloudtrail:GetInsightSelectors",
                "codeartifact:List*",
                "codebuild:BatchGet*",
                "codebuild:ListReportGroups",
                "cognito-idp:GetUserPoolMfaConfig",
                "dlm:Get*",
                "drs:Describe*",
                "ds:Get*",
                "ds:Describe*",
                "ds:List*",
                "dynamodb:GetResourcePolicy",
                "ec2:GetEbsEncryptionByDefault",
                "ec2:GetSnapshotBlockPublicAccessState",
                "ec2:GetInstanceMetadataDefaults",
                "ecr:Describe*",
                "ecr:GetRegistryScanningConfiguration",
                "elasticfilesystem:DescribeBackupPolicy",
                "glue:GetConnections",
                "glue:GetSecurityConfiguration*",
                "glue:SearchTables",
                "glue:GetMLTransforms",
                "lambda:GetFunction*",
                "logs:FilterLogEvents",
                "lightsail:GetRelationalDatabases",
                "macie2:GetMacieSession",
                "macie2:GetAutomatedDiscoveryConfiguration",
                "s3:GetAccountPublicAccessBlock",
                "shield:DescribeProtection",
                "shield:GetSubscriptionState",
                "securityhub:BatchImportFindings",
                "securityhub:GetFindings",
                "servicecatalog:Describe*",
                "servicecatalog:List*",
                "ssm:GetDocument",
                "ssm-incidents:List*",
                "states:ListTagsForResource",
                "support:Describe*",
                "tag:GetTagKeys",
                "wellarchitected:List*"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "AllowMoreReadOnly"
        },
        {
            "Effect": "Allow",
            "Action": [
                "apigateway:GET"
            ],
            "Resource": [
                "arn:*:apigateway:*::/restapis/*",
                "arn:*:apigateway:*::/apis/*"
            ],
            "Sid": "AllowAPIGatewayReadOnly"
        }
    ]
}
Click Next.
Now assign a name to this new policy. We recommend using a recognisable name that is easily identifiable for administrators so that it is not accidentally deleted. In the example below we have used the name OneClickComply-ReadOnly.

A screenshot of the policy details area of AWS
Scroll down the page and select Create Policy.
Your IAM user should now look like the following:

IAM user showing the assigned permissions
After your IAM user account has been successfully created and granted the correct permissions, your AWS account can now be connected to the OneClickComply platform. You may now move on to the second section of this support article.
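The following is an added example, not part of the original guide or OneClickComply's own tooling: a pre-flight check for the inline policy step that confirms the pasted JSON parses and lists any allowed action whose verb is not read-style, so it can be reviewed before the policy is attached. The READ_PREFIXES list and the function names are assumptions of this example, and the sample is a constructed excerpt of the policy above.

```python
import json

# Verb prefixes treated as read-style. This list is an assumption of the
# example; the access levels in the IAM console are the authoritative source.
READ_PREFIXES = ("get", "list", "describe", "batchget", "search", "filter")

# Constructed sample: a few actions copied from the policy on this page.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowMoreReadOnly",
      "Effect": "Allow",
      "Action": ["backup:List*", "codebuild:BatchGet*", "logs:FilterLogEvents",
                 "glue:SearchTables", "securityhub:BatchImportFindings",
                 "securityhub:GetFindings"],
      "Resource": "*"
    },
    {
      "Sid": "AllowAPIGatewayReadOnly",
      "Effect": "Allow",
      "Action": ["apigateway:GET"],
      "Resource": ["arn:*:apigateway:*::/restapis/*", "arn:*:apigateway:*::/apis/*"]
    }
  ]
}
"""

def as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def review_policy(text):
    """Return (Sid, action) pairs in Allow statements that need manual review."""
    policy = json.loads(text)  # raises ValueError when the paste is malformed
    if policy.get("Version") != "2012-10-17":
        raise ValueError("unexpected or missing policy Version")
    flagged = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            verb = action.partition(":")[2].lower()  # action names are case-insensitive
            if not verb.startswith(READ_PREFIXES):
                flagged.append((stmt.get("Sid"), action))
    return flagged

if __name__ == "__main__":
    for sid, action in review_policy(SAMPLE_POLICY):
        print(f"review before attaching: {action} (statement {sid})")
```

On the sample it returns securityhub:BatchImportFindings, which imports findings into Security Hub rather than reading them. A flagged action is a prompt to check its access level in IAM, not proof that the policy is wrong.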
Please follow the steps outlined below to connect your Amazon Web Services environment to the OneClickComply platform.
Once you have created the necessary IAM user with the required permissions, re-open the user and navigate to the Access Keys section.
This new account should not have any existing access keys associated with it. Select the Create access key button, then choose the option for Third-party service.
Click Next.
(Optional) Assign a short description for this access key. It can even be as simple as 'OneClickComply Access Key'.
Click Create Access Key.
Note - Please keep the Retrieve Access Keys page open, as you will need both your Access Key ID and Secret Access Key for the integration process.
Open the OneClickComply platform and select the Integrations tab from the navigation bar on the left-hand side.
Click Add on the Amazon Web Services integration.

AWS integration guide
Once on this new screen, select Add Connection to begin connecting your AWS environment to the platform.

AWS integration screen showing the 'Add Connection' button
From here, follow the set-up guide within the platform which will explain how to connect your AWS environment to the platform.
Note: You will need to copy your newly created Access key and Secret access key into their respective sections.
Once both keys are added, click the Submit button to finish the integration process.
Once all these steps are completed, the OneClickComply platform will have successfully paired with AWS. The platform will then begin automatically scanning your environment for gaps and misconfigurations in line with the standards you have access to as part of your subscription package.
To view these misconfigurations, navigate to the Standards area, located within the Compliance tab.
Edit the status of the standards you wish to work towards, and set them to Active. This will cause any identified misconfigurations or gaps to appear within the Controls Management area.
To learn more about managing compliance standards and controls, please review our dedicated support articles.