Skip to content
English
  • There are no suggestions because the search field is empty.

Amazon Web Services (AWS)

Find out how to set up integrations between the Copla Platform and your AWS setup.

What this article covers: 

 

Requirements

You must have sufficient permissions to create new roles in your company's AWS account - typically, this requires administrator access or IAM permissions to create and manage roles.

Deploy the CloudFormation stack provided by Copla and copy the Role ARN and External ID from the stack Outputs tab.


Permissions

  • Scope: Copla requires read-only access using the AWS-managed SecurityAudit policy.

  • What data we collect: Copla collects Assets and Access Control information.


Default Resources

 

Global

  • IAM roles (excluding AWS service-linked roles)
  • IAM policies (customer-managed policies that are attached)
  • Route 53 hosted zones
  • CloudFront distributions
  • WAF web ACLs for CloudFront (global scope)

Region Specific

  • S3 buckets
  • EC2 instances
  • VPCs
  • Subnets
  • Elastic Load Balancers (ALB/NLB via ELBv2)
  • ECS clusters
  • EKS clusters
  • RDS DB instances
  • DynamoDB tables
  • ElastiCache cache clusters
  • ElastiCache replication groups
  • ElastiCache serverless caches
  • OpenSearch domains
  • KMS keys
  • KMS aliases (excluding AWS-managed alias/aws/*)
  • GuardDuty detectors
  • EventBridge event buses
  • EventBridge rules
  • API Gateway REST APIs (v1)
  • API Gateway HTTP/WebSocket APIs (v2)
  • AppSync GraphQL APIs
  • CloudTrail trails
  • CloudWatch alarms (metric + composite)
  • CloudWatch log groups
  • SNS topics
  • SQS queues
  • WAF web ACLs (regional scope)

Step-by-Step Guide