AWS IAM Integration with WatchGuard CloudDR
Applies To: WatchGuard CloudDR
AWS Identity and Access Management (IAM) is a web service used to securely control access to AWS resources. AWS IAM enables you to set and manage guardrails and fine-grained access controls for your workforce and workloads. This guide describes how to integrate AWS IAM with CloudDR to monitor identities, roles, permissions, and access configurations across your AWS environment to ensure security and compliance.
Available Features
- Misconfiguration Rules
- Identity Rules
- User Inventory
Prerequisites
To configure this integration, you must have an AWS account and an IAM user with permission to read IAM resources such as users, roles, and policies.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Action": [
"iam:ListUsers",
"iam:ListMFADevices",
"iam:ListGroups",
"iam:GetGroup",
"iam:ListPolicies",
"iam:ListUserPolicies",
"iam:ListAttachedUserPolicies",
"iam:GetAccountPasswordPolicy",
"iam:ListSAMLProviders",
"iam:ListOpenIDConnectProviders"
],
"Resource": "*"
}
]
}
If you do not have an Access Key, complete these steps in AWS:
- Log in to your AWS IAM account in the IAM console at https://console.aws.amazon.com/iam/.
- On the IAM Console Home page, in the left navigation pane, enter Users in the Search IAM text box.
- On the IAM users page, click the user name of an existing user or click Create users to create a user.
- Select the Security credentials tab.
- In the Access keys section, click Create access key.
- Copy the generated Access key and Secret key and save the credentials in a secure location.
The Access Key and Secret Access Key form the key pair used to authenticate users.
Configure the AWS IAM Integration in CloudDR
To integrate AWS IAM with CloudDR:
- In WatchGuard Cloud, select Configure > CloudDR.
- Select the Integrations tab.
- (Service Providers) From the Select Integrations View drop-down list, select Add Integrations.

- In the AWS IAM widget, click Add.
- Click Start Integration.
- On the Access Key page, enter the Access Key ID. Click Next.
- On the Secret Key page, enter the Secret Access Key.
- Click Submit.