AWS EC2 is an Enrichment input connector. Connect to AWS to retrieve EC2 asset data. Create an AWS IAM Role to grant access to Monad.

IP Allowlists

You might need to add the Monad IP range of to your AWS EC2 allowlist, so Monad can connect to it.

To connect Monad to your AWS account, you need to create an AWS IAM Role that grants specific access to the Monad using the Monad AWS ID 271127603659.

Create a new AWS Role for Monad

Before you connect to Monad, create a new, limited-access Role that Monad can use to connect to and read from your AWS instance. Refer to the AWS documentation on creating a role for an external user for detailed instructions.

  1. Log in to your AWS account, and go to the AWS Management Console’s IAM screen.
  2. Choose Roles and click Create role.
  3. Choose the Another AWS account option and click Next.
  4. In the screen that appears, enter the Monad account ID: 271127603659.
  5. Make sure that Require external ID is selected, and enter a descriptive ID, for example MonadExternalId.
  6. Make sure that Require MFA is deselected, and click Next.
  7. In the search bar, search for the SecurityAudit policy, select it, and click Next.
  8. On the last page, enter monad-role for the Role name. You can also add a description. Click Create role.
  9. AWS creates the role, and returns you to the IAM list of roles. Search for the new monad-role, click it, and find the Role ARN at the top of the Summary page that appears.
  10. Copy that ARN so you can use it to connect to Monad. It should look something like arn:aws:iam::271127603659:role/monad-role.

By using the SecurityAudit policy, you grant Monad read-only access to your AWS information. This means that as we expand Monad’s model and functionality, your data will automatically get updated. If your organization’s security policies don’t allow you to use the stock SecurityAudit policy, you can create your own. Make sure that the policy has access to EC2 resources.

Set up an AWS connector

To set up an AWS connector, you need the following information:

  • the role ARN (Amazon Resource Name) for the monad-role you created (copied in step 10 above), which will look something like arn:aws:iam::271127603659:role/monad-role

Once you have this information, you set up the connector:

  1. Log in to your Monad account, and click Add connector.
  2. Select the AWS connector.
  3. Optionally, change the default name for the connector. This name serves as a label for the connector in the Monad app, and you can change it later.
  4. Enter the role ARN, or the information for your service user (e.g. arn:aws:iam::271127603659:role/monad-role).
  5. (Optional) - set your connector schedule
  6. Click Connect.

That’s it! Monad tests the connection to AWS and, if successful, begins syncing data from your AWS accounts to your Monad account.

This page was last modified: 9 Oct 2023