
Connect AWS for infrastructure evidence

Use the AWS connector to collect read-only evidence for cloud posture, IAM, S3, CloudTrail, and security monitoring controls.

Integrations and evidence | 7 min read | Updated May 2026

Access needed: Admin, Integration manager, AWS administrator

[Screenshot: ASIRI AWS connector setup page] Use the AWS setup page to copy the external ID, review IAM trust and permission policies, enter monitored regions, and connect the read-only evidence role.

[Screenshot: ASIRI Evidence Engine connector runs] After the first sync, review connector runs, collected evidence, freshness, and mapped controls in Evidence Engine.

What the connector does

The AWS evidence connector is designed for read-only evidence collection. ASIRI does not require customer-owned access keys in the application.

The recommended setup uses a customer-owned IAM role, an external ID, selected regions, and a limited permission policy scoped to supported evidence checks.

Before you start

  1. Confirm you are an ASIRI admin or integration manager.
  2. Ask your AWS administrator to review the trust policy and permission policy shown in ASIRI.
  3. Confirm the AWS account ID and regions that are in compliance scope.
  4. Confirm ASIRI production has its principal AWS account ID configured before onboarding real customers.

Connect AWS

  1. Open Integrations.
  2. Select AWS.
  3. Copy the external ID and trust policy from ASIRI.
  4. Create the read-only evidence role in the customer AWS account.
  5. Paste the customer AWS account ID, IAM role ARN, external ID, and regions into ASIRI.
  6. Select Connect, then run the first sync.
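
One way an AWS administrator could pre-check the trust and permission policies before creating the role, as an added example that is not ASIRI's code. The account ID, external ID, listed actions, and function names are constructed placeholders, and treating the Get/List/Describe prefixes as "read-only" is an assumed heuristic.

```python
# Constructed samples: the account ID and external ID are placeholders, not ASIRI values.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
}]}
PERMISSION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetBucketPolicyStatus", "iam:ListUsers", "cloudtrail:DescribeTrails"],
    "Resource": "*",
}]}
READ_PREFIXES = ("Get", "List", "Describe")  # heuristic for read-style API actions

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy, expected_external_id):
    """Flag Allow statements that trust any principal or lack the external ID."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append("trust: wildcard principal")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != expected_external_id:
            findings.append("trust: missing or mismatched sts:ExternalId")
    return findings

def review_permission_policy(policy):
    """Flag Allow statements that grant anything other than read-style actions."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("permissions: NotAction allows every unlisted action")
        for action in _as_list(stmt.get("Action", [])):
            if not action.partition(":")[2].startswith(READ_PREFIXES):
                findings.append(f"permissions: not read-only: {action}")
    return findings

if __name__ == "__main__":
    print(review_trust_policy(TRUST_POLICY, "EXAMPLE-EXTERNAL-ID"))  # -> []
    print(review_permission_policy(PERMISSION_POLICY))  # -> []
```

A read-style prefix is not proof of low impact (for example, `s3:GetObject` reads object contents), so also compare the action list against the evidence checks that are in scope.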

Evidence collected

AWS evidence can support controls around public storage exposure, IAM posture, CloudTrail logging, security monitoring, backup posture, and infrastructure change review.

Each connector run should show connection status, credential health, last successful sync, failed sync reason, evidence collected, mapped controls, and auditor-visible proof.