AWS EC2

AWS EC2 integration allows your product to pull metadata about EC2 instances, including public/private IPs, instance IDs, security groups, subnets, and tags. This is useful for inventory, monitoring, and security audits.

Credentials Needed

  • Access Key ID
  • Secret Access Key

You can create these using an IAM user or use an IAM role if your integration runs within AWS (EC2, Lambda, or ECS).

IAM Permissions

To read EC2 metadata without modifying resources, the following read-only permissions are required:

Service   Actions
EC2       ec2:DescribeInstances, ec2:DescribeNetworkInterfaces, ec2:DescribeSecurityGroups, ec2:DescribeSubnets, ec2:DescribeVpcs, ec2:DescribeTags

IAM Policy JSON:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EC2ReadOnly",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ec2:DescribeTags"
      ],
      "Resource": "*"
    }
  ]
}

Creating Users

  1. Go to AWS Console → IAM → Users → Add User
  2. Name the user (e.g., EC2IntegrationUser)
  3. Select Programmatic Access
  4. Attach the EC2ReadOnlyPolicy created above
  5. Finish creation and copy the Access Key ID and Secret Access Key

Optionally, if your integration runs in AWS, create an IAM Role with the same policy and attach it to your EC2/Lambda/ECS.

Test Connectivity

Use the AWS CLI or an SDK to verify read-only access. The CLI reads credentials from the environment (or from ~/.aws/credentials); it has no per-command key options, so export the key pair first:

# Supply the integration's key pair through the environment
export AWS_ACCESS_KEY_ID=<ACCESS_KEY>
export AWS_SECRET_ACCESS_KEY=<SECRET_KEY>

# List EC2 instances
aws ec2 describe-instances --region us-east-1

# List network interfaces
aws ec2 describe-network-interfaces --region us-east-1

Check that public/private IPs, instance IDs, and tags are returned correctly.
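The connectivity check above only confirms that the calls succeed. The following added example (not code from the page or the product it describes) shows how an integration would flatten the describe-instances response into the inventory fields this page lists and run a first audit pass over them. The input is a constructed sample shaped like `aws ec2 describe-instances` output, not data from a real account; the required-tag list is an assumption.

```python
import json

# Constructed sample, shaped like the JSON printed by `aws ec2 describe-instances`.
# Not captured from a real account.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {
            "Instances": [
                {
                    "InstanceId": "i-0123456789abcdef0",
                    "State": {"Name": "running"},
                    "PrivateIpAddress": "10.0.1.25",
                    "PublicIpAddress": "203.0.113.10",
                    "SubnetId": "subnet-0a1b2c3d",
                    "VpcId": "vpc-0f9e8d7c",
                    "SecurityGroups": [{"GroupId": "sg-0aaa1111", "GroupName": "web"}],
                    "Tags": [{"Key": "Name", "Value": "web-1"},
                             {"Key": "Owner", "Value": "platform"}],
                },
                {
                    "InstanceId": "i-0fedcba9876543210",
                    "State": {"Name": "stopped"},
                    "PrivateIpAddress": "10.0.2.40",
                    # No PublicIpAddress key: private-only instance
                    "SubnetId": "subnet-0e5f6a7b",
                    "VpcId": "vpc-0f9e8d7c",
                    "SecurityGroups": [{"GroupId": "sg-0bbb2222", "GroupName": "db"}],
                    "Tags": [{"Key": "Name", "Value": "db-1"}],
                },
            ]
        }
    ]
})

# Assumed tag requirements for the audit; adjust to your own tagging standard.
REQUIRED_TAGS = ("Name", "Owner")


def parse_inventory(describe_json):
    """Flatten a DescribeInstances response into one record per instance."""
    data = json.loads(describe_json)
    records = []
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            records.append({
                "instance_id": inst["InstanceId"],
                "state": inst.get("State", {}).get("Name"),
                "private_ip": inst.get("PrivateIpAddress"),
                # Key is absent when the instance has no public address, so this is None
                "public_ip": inst.get("PublicIpAddress"),
                "subnet_id": inst.get("SubnetId"),
                "vpc_id": inst.get("VpcId"),
                "security_groups": sorted(sg["GroupId"] for sg in inst.get("SecurityGroups", [])),
                "tags": tags,
            })
    return records


def audit_inventory(records, required_tags=REQUIRED_TAGS):
    """Return (instance_id, finding) pairs: public exposure and missing required tags."""
    findings = []
    for r in records:
        if r["public_ip"]:
            findings.append((r["instance_id"], "has public IP %s" % r["public_ip"]))
        for tag in required_tags:
            if tag not in r["tags"]:
                findings.append((r["instance_id"], "missing required tag %s" % tag))
    return findings


if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE_DESCRIBE_INSTANCES)
    for record in inventory:
        print(record["instance_id"], record["state"], record["private_ip"],
              record["public_ip"], record["subnet_id"], record["security_groups"])
    for instance_id, finding in audit_inventory(inventory):
        print("FINDING", instance_id, finding)
```

In practice the JSON string would come from the CLI output or from an SDK call such as boto3's `describe_instances()`, which returns the same Reservations/Instances structure; the parser tolerates instances without a public address or without tags, which is the usual reason a naive field lookup fails on real accounts.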

Save the Results in the Platform and Create Connection

  1. Store credentials securely in your platform:
    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • AWS_REGION
  2. Create a connection configuration in your product pointing to AWS EC2.
  3. Validate the connection by fetching EC2 instances and metadata.

Best Practices

  • Apply the principle of least privilege: grant the integration read access only.
  • Prefer IAM Roles over static keys when running within AWS.
  • Limit access to specific regions if your platform only needs certain regions.
  • Rotate credentials periodically for security.
  • Use encrypted storage for secrets in your platform.
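Two of the points above, the read-only policy from the IAM Permissions section and the advice to limit access to specific regions, can be enforced mechanically before a policy is attached. The added example below (not code from the page or the product it describes) lints a policy document so that every Allow statement grants only EC2 read actions, and produces a copy scoped to a list of regions with the `aws:RequestedRegion` condition key. The allowlist pattern for "read-only" actions is an assumption made for the check; `"Resource": "*"` is left alone because EC2 Describe actions do not support resource-level permissions.

```python
import json
import re

# The read-only policy from this page, as the integration would store it.
EC2_READONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EC2ReadOnly",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ec2:DescribeTags",
            ],
            "Resource": "*",
        }
    ],
}

# Shape of an EC2 action that only reads state. This is an assumption made
# for the check, not an AWS-defined category; wildcards are rejected outright.
READ_ONLY_ACTION = re.compile(r"^ec2:(Describe|Get|List)[A-Za-z]+$")


def lint_read_only_policy(policy):
    """Return a list of problems; an empty list means every Allow grants only EC2 read access."""
    problems = []
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            # Negations allow everything except the listed items, which is never least privilege
            problems.append("%s: uses NotAction/NotResource" % sid)
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]  # IAM accepts a single string as well as a list
        for action in actions:
            if "*" in action or not READ_ONLY_ACTION.match(action):
                problems.append("%s: wildcard or non-read-only action %s" % (sid, action))
    return problems


def restrict_to_regions(policy, regions):
    """Return a copy of the policy whose Allow statements apply only in the given regions."""
    scoped = json.loads(json.dumps(policy))  # deep copy so the original is untouched
    for stmt in scoped["Statement"]:
        if stmt.get("Effect") == "Allow":
            condition = stmt.setdefault("Condition", {})
            condition.setdefault("StringEquals", {})["aws:RequestedRegion"] = sorted(regions)
    return scoped


if __name__ == "__main__":
    print("problems:", lint_read_only_policy(EC2_READONLY_POLICY))
    print(json.dumps(restrict_to_regions(EC2_READONLY_POLICY, ["us-east-1"]), indent=2))
```

Run the lint in the pipeline that creates or updates the integration's IAM user or role, and attach the region-scoped copy rather than the bare policy when the platform only inventories a known set of regions.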