
PolicyCortex Multi-Cloud Integration: AWS, Azure & GCP Governance

Connect PolicyCortex with your cloud providers for comprehensive governance coverage.

AWS Integration

Prerequisites

  • AWS CLI installed and configured
  • IAM permissions to create roles and policies
  • Access to AWS Organizations (for multi-account setup)

1. Create Trust Policy

trust-policy.json (json)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "replace-with-your-external-id"
        }
      }
    }
  ]
}

2. Create PolicyCortex IAM Role

Setup AWS IAM Role (bash)
# Create the IAM role
aws iam create-role \
  --role-name PolicyCortexRole \
  --assume-role-policy-document file://trust-policy.json \
  --description "Role for PolicyCortex cloud governance platform"

# Attach AWS managed policies
aws iam attach-role-policy \
  --role-name PolicyCortexRole \
  --policy-arn arn:aws:iam::aws:policy/SecurityAudit

aws iam attach-role-policy \
  --role-name PolicyCortexRole \
  --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess

# Get the role ARN for PolicyCortex configuration
aws iam get-role --role-name PolicyCortexRole --query 'Role.Arn' --output text
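The trust policy above relies on two protections: the principal is a single account root, and the sts:ExternalId condition ties the AssumeRole call to a secret the caller must present (the confused-deputy defence). The script below is an added example, not PolicyCortex code, that checks a trust policy document for those protections and flags any managed policy attached to PolicyCortexRole that is outside the two read-only policies this guide uses. The sample policy embedded in it is a constructed copy of the guide's trust-policy.json; the allowlist and placeholder value are assumptions taken from this page.

```python
"""Pre-flight check for the PolicyCortexRole setup described in this guide.

Added example, not PolicyCortex code. Feed it the JSON returned by
`aws iam get-role` (Role.AssumeRolePolicyDocument) and the ARNs from
`aws iam list-attached-role-policies`.
"""
import json
import re

# Managed policies this guide attaches to PolicyCortexRole; anything else is flagged.
ALLOWED_POLICY_ARNS = {
    "arn:aws:iam::aws:policy/SecurityAudit",
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
}
# Placeholder value from the guide's trust-policy.json that must be replaced.
PLACEHOLDER_EXTERNAL_ID = "replace-with-your-external-id"
# Exactly one AWS account root as principal, e.g. arn:aws:iam::123456789012:root
ACCOUNT_ROOT_ARN = re.compile(r"^arn:aws:iam::\d{12}:root$")


def _as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(doc: dict) -> list[str]:
    """Return findings for a role trust policy; an empty list means it is acceptable."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or not any(a in ("sts:AssumeRole", "sts:*") for a in actions):
            continue  # only Allow statements that grant AssumeRole matter here
        if "sts:*" in actions:
            findings.append(f"statement {i}: action sts:* is broader than sts:AssumeRole")
        principal = stmt.get("Principal")
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else _as_list(principal)
        if not aws_principals:
            findings.append(f"statement {i}: no AWS account principal")
        for p in aws_principals:
            if not isinstance(p, str) or not ACCOUNT_ROOT_ARN.match(p):
                findings.append(f"statement {i}: principal {p!r} is not a single AWS account root")
        external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if external_id is None:
            findings.append(f"statement {i}: missing sts:ExternalId condition")
        elif external_id == PLACEHOLDER_EXTERNAL_ID:
            findings.append(f"statement {i}: sts:ExternalId is still the placeholder value")
    return findings


def check_attached_policies(policy_arns) -> list[str]:
    """Return attached managed policy ARNs that are outside the read-only allowlist."""
    return sorted(set(policy_arns) - ALLOWED_POLICY_ARNS)


def check_role(trust_policy: dict, attached_arns) -> list[str]:
    """Combine both checks into one list of findings."""
    findings = check_trust_policy(trust_policy)
    findings += [f"attached policy {arn} is outside the read-only allowlist"
                 for arn in check_attached_policies(attached_arns)]
    return findings


# Constructed copy of the guide's trust-policy.json, before the external id is replaced.
SAMPLE_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "replace-with-your-external-id"}}
  }]
}""")


if __name__ == "__main__":
    # Constructed attachment list with one policy that should not be there.
    attached = ["arn:aws:iam::aws:policy/SecurityAudit", "arn:aws:iam::aws:policy/AdministratorAccess"]
    for finding in check_role(SAMPLE_TRUST_POLICY, attached):
        print("FINDING:", finding)
```

Run it against the unmodified trust policy and it reports only the placeholder external id; once that value is replaced and only SecurityAudit and ReadOnlyAccess are attached, it returns no findings.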

Azure Integration

Create Service Principal

Azure Service Principal Setup (bash)
# Login to Azure
az login

# Create service principal
az ad sp create-for-rbac \
  --name "PolicyCortex" \
  --role "Reader" \
  --scopes /subscriptions/{subscription-id}

# Assign additional roles for governance
az role assignment create \
  --assignee {service-principal-id} \
  --role "Security Reader" \
  --scope /subscriptions/{subscription-id}

az role assignment create \
  --assignee {service-principal-id} \
  --role "Cost Management Reader" \
  --scope /subscriptions/{subscription-id}

GCP Integration

Create Service Account

GCP Service Account Setup (bash)
# Create service account
gcloud iam service-accounts create policycortex \
  --display-name="PolicyCortex Service Account" \
  --description="Service account for PolicyCortex governance platform"

# Assign necessary roles
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:policycortex@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/viewer"

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:policycortex@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/security.securityReviewer"

# Create and download key
gcloud iam service-accounts keys create ~/policycortex-key.json \
  --iam-account=policycortex@PROJECT_ID.iam.gserviceaccount.com
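The key created in the last step is a long-lived credential, so it is worth validating before handing it to PolicyCortex: that it is a service account key, that it belongs to the policycortex account and not some other one, and that the file is not readable by other users on the host. The script below is an added example, not PolicyCortex or Google code. The sample key it writes is constructed with the field layout of a real key file and a placeholder in place of the private key; the expected e-mail address is taken from this guide's commands.

```python
"""Validate a downloaded GCP service account key file before configuring PolicyCortex.

Added example, not PolicyCortex or Google code. Checks the file mode and the
key's type, client_email and required fields.
"""
import json
import os
import stat
import tempfile


def check_key_file(path: str, expected_email: str) -> list[str]:
    """Return findings for a service account key file; an empty list means it passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {oct(mode)} allows group/other access; expected 0o600")
    with open(path, encoding="utf-8") as fh:
        try:
            key = json.load(fh)
        except json.JSONDecodeError:
            return findings + ["file is not valid JSON"]
    if key.get("type") != "service_account":
        findings.append(f"type is {key.get('type')!r}, expected 'service_account'")
    if key.get("client_email") != expected_email:
        findings.append(f"client_email {key.get('client_email')!r} does not match {expected_email!r}")
    for field in ("project_id", "private_key_id", "private_key"):
        if not key.get(field):
            findings.append(f"missing field {field}")
    return findings


# Constructed sample with the layout of a real key file; the private key is a placeholder.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "PROJECT_ID",
    "private_key_id": "constructed-key-id",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n",
    "client_email": "policycortex@PROJECT_ID.iam.gserviceaccount.com",
    "client_id": "000000000000000000000",
}


def run_demo() -> dict:
    """Write the sample key with mode 0o600 and again with 0o644, and check both copies."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, mode in (("locked_down", 0o600), ("world_readable", 0o644)):
            path = os.path.join(tmp, f"policycortex-key-{label}.json")
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(SAMPLE_KEY, fh)
            os.chmod(path, mode)
            results[label] = check_key_file(path, SAMPLE_KEY["client_email"])
    return results


if __name__ == "__main__":
    for label, findings in run_demo().items():
        print(label, "->", findings or "ok")
```

For a real key, call check_key_file("~/policycortex-key.json" expanded with os.path.expanduser, "policycortex@PROJECT_ID.iam.gserviceaccount.com") and refuse to proceed while the list is non-empty.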