
Overview

Connect your AWS account to Annie to enable real-time infrastructure mapping, monitoring, and intelligent insights. Annie will ingest your AWS resources and relationships to build a comprehensive knowledge graph of your cloud environment.

Setup Guide

  1. Go to the Anyshift integrations page
  2. Navigate to the AWS section
  3. Follow the setup instructions to connect your AWS account

Step 1: Create IAM User

Choose your preferred method:
  1. Using Terraform (Highly Recommended)
# Dedicated IAM user for the Annie integration. A separate identity lets its
# credentials be rotated or revoked without touching any other user.
resource "aws_iam_user" "annie_user" {
  name = "annie-readonly-user"
}

# Long-lived access key for the integration user.
# Terraform writes the generated secret access key into its state file, so the
# state backend must be encrypted and readable only by trusted operators.
# Rotate the key periodically and delete it when the integration is removed.
resource "aws_iam_access_key" "annie_access_key" {
  user = aws_iam_user.annie_user.name
}

# Attaches the AWS-managed ReadOnlyAccess policy to the integration user.
# NOTE(review): ReadOnlyAccess covers read actions across most AWS services,
# including reads of stored data (for example S3 object contents), not only
# resource metadata. Prefer a scoped policy where that is broader than needed.
resource "aws_iam_user_policy_attachment" "read_only_access" {
  user       = aws_iam_user.annie_user.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
  2. Using AWS Console
  • Go to IAM → Users → Add User
  • Enable Programmatic Access
  • Attach “ReadOnlyAccess” policy
  • Save the Access Key ID and Secret Access Key in a secrets manager or password vault; the secret is displayed only at creation time

Step 2: Configure in Anyshift

  • Enter the Access Key ID and Secret Access Key you obtained from the IAM user creation step.
  • Provide a descriptive AWS Account Name label (e.g., "read_only_user_for_anyshift").
For granular control, you can limit access to specific services and read actions instead of attaching ReadOnlyAccess:
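# Read-only policy document for the Annie integration, limited to the services
# listed below instead of the account-wide ReadOnlyAccess managed policy.
#
# This data source only renders policy JSON. It grants nothing until a policy
# is created from it and attached to the integration user.
#
# Every statement uses resources = ["*"]: the restriction here is by action,
# not by resource. Many Describe*/List* actions do not support resource-level
# permissions, so narrowing further means trimming the action lists.
data "aws_iam_policy_document" "annie_minimal_access" {
  statement {
    sid    = "AllowComputeResources"
    effect = "Allow"
    actions = [
      "ec2:Describe*",
      "eks:Describe*",
      "eks:List*",
      "ecs:Describe*",
      "ecs:List*",
      "lambda:List*",
      # NOTE(review): lambda:Get* matches lambda:GetFunction, which returns the
      # function configuration and a download link for the deployment package.
      # Keep it only if the integration needs more than the List* inventory.
      "lambda:Get*",
      "autoscaling:Describe*",
      "elasticbeanstalk:Describe*",
      "elasticbeanstalk:List*",
      # NOTE(review): lightsail:Get* also matches calls that return access
      # credentials (e.g. lightsail:GetInstanceAccessDetails). Remove the
      # Lightsail entries if the account does not use Lightsail.
      "lightsail:Get*",
      "lightsail:List*",
      "batch:Describe*",
      "batch:List*"
    ]
    resources = ["*"]
  }

  statement {
    sid    = "AllowStorageResources"
    effect = "Allow"
    actions = [
      "s3:List*",
      # NOTE(review): s3:Get* includes s3:GetObject, i.e. reading object
      # contents in every bucket, not just bucket configuration. Replace it
      # with the specific bucket-level Get actions if data access is not wanted.
      "s3:Get*",
      "rds:Describe*",
      "rds:List*",
      "dynamodb:Describe*",
      "dynamodb:List*",
      "elasticache:Describe*",
      "elasticache:List*",
      # The IAM service prefix for Amazon EFS is "elasticfilesystem"; an
      # "efs:" action matches nothing and would leave EFS unreadable.
      "elasticfilesystem:Describe*",
      "fsx:Describe*",
      "fsx:List*",
      "backup:Describe*",
      "backup:List*"
    ]
    resources = ["*"]
  }

  statement {
    sid    = "AllowNetworkResources"
    effect = "Allow"
    actions = [
      # VPC describe calls are EC2 actions; IAM has no "vpc" service prefix,
      # so they are listed under ec2: explicitly.
      "ec2:DescribeVpcs",
      "ec2:DescribeSubnets",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeRouteTables",
      "ec2:DescribeNetworkInterfaces",
      "ec2:DescribeInternetGateways",
      "ec2:DescribeNatGateways",
      "ec2:DescribeVpcEndpoints",
      "elasticloadbalancing:Describe*",
      "route53:List*",
      "route53:Get*",
      "cloudfront:List*",
      "cloudfront:Get*",
      "globalaccelerator:List*",
      "globalaccelerator:Describe*"
    ]
    resources = ["*"]
  }

  statement {
    sid    = "AllowIdentityResources"
    effect = "Allow"
    # Read access to the account's IAM configuration (users, roles, policies).
    actions = [
      "iam:List*",
      "iam:Get*"
    ]
    resources = ["*"]
  }

  statement {
    sid    = "AllowMonitoringResources"
    effect = "Allow"
    actions = [
      "cloudwatch:Describe*",
      "cloudwatch:List*",
      "cloudwatch:Get*",
      "logs:Describe*",
      "logs:List*",
      "health:Describe*",
      "cloudtrail:Describe*",
      "cloudtrail:List*",
      "cloudtrail:Get*"
    ]
    resources = ["*"]
  }

  statement {
    sid    = "AllowApplicationResources"
    effect = "Allow"
    actions = [
      "sns:List*",
      "sns:Get*",
      "sqs:List*",
      "sqs:Get*",
      "mq:List*",
      "mq:Describe*",
      "apigateway:GET",
      "apigateway:HEAD",
      "appsync:List*",
      "appsync:Get*",
      "elasticmapreduce:List*",
      "elasticmapreduce:Describe*",
      "kafka:List*",
      "kafka:Describe*",
      "kinesis:List*",
      "kinesis:Describe*"
    ]
    resources = ["*"]
  }
}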
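This provides read-only access to common AWS resources while maintaining security best practices. The policy document grants nothing on its own: create an IAM policy from it and attach that policy to the user in place of ReadOnlyAccess. Wildcards such as s3:Get* still allow reading stored data, so remove any actions you do not want the integration to have.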

Features Enabled

Resource Monitoring

Real-time visibility into your cloud infrastructure

Dependency Mapping

Understand your infrastructure dependencies

Try Annie Today

Start building your infrastructure knowledge graph and unlock intelligent infrastructure management.