Skip to main content
All CollectionsIntegrations
AWS Connection Details
AWS Connection Details

This article walks through the details of configuring AWS to connect to Drata.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago


Connecting Amazon Web Services (aka "AWS") to Drata allows for the automated, continuous monitoring and evidence collection of the dozens of infrastructure security controls required for compliance.


Make sure you have an IAM account that has access to create new roles.

Overview of what we're going to set up

  • Create a new Role for Drata to gain Cross-Account Access to your AWS account.

  • Get the new Role ARN to input into Drata

Create a new Role

  1. Log in to the AWS Console with an account that has access to create a new role.

  2. Go to the IAM service, once there, click on Roles in the sidebar.

  3. Click on the Create role button, then the Another AWS account button.

  4. Use the following values to fill out the form

Account ID:


5. Check the Require external ID checkbox, and enter your Drata account ID into the External ID field.

The value below is just an example... you will get your REAL account ID within the Drata app when connecting AWS.

​External ID:


(Note: Leave the Require MFA checkbox un-checked)

6. Click the Next: Permissions button.

7. Copy and paste the Read Only Access permission for Security Audits into the search field and press enter. Scroll to the bottom of the list and select the SecurityAudit role.

Read Only Access Permission for Security Audits:


8. Click the Next: Tags button. Optionally add tags if your company uses them.

9. Click the Next: Review button.

10. Copy and paste the fields below into the form, then click the Create role button. Ensure that the value for Role Name is copied exactly as listed below.

Role Name:


Role Description:

Cross-account read-only access for Drata Autopilot

Get the new Role ARN to input into Drata

  1. Click on the new Role you just created, named DrataAutopilotRole.

  2. Copy and paste the Role ARN value on AWS into the Role ARN field on Drata.

πŸŽ‰ You have just successfully setup proper read-only access for Drata πŸŽ‰

Did this answer your question?