This guide walks you through setting up an AWS integration using the role ARN-based connection method.
Prerequisites
Before starting, ensure you have:
AWS account administrator access or appropriate IAM permissions
Access to AWS Management Console
Your AWS Account ID
Step-by-Step Setup Process
Step 1: Access the AWS Integration Dialog
Navigate to Integrations in the Swise menu
Locate the Amazon Web Services integration and click Connect
The "Connect Amazon Web Services" dialog will open
Step 2: Enter Account Information
In the Account ID tab (the first tab), enter your information:
Account ID: Enter your 12-digit AWS Account ID (e.g.,
123456789012)Provider alias: (Optional) Enter a friendly name to identify this AWS account (e.g., "Production AWS" or "Dev Environment")
Click Authorisation method → to proceed to the next step
Step 3: Select Authorisation Method
In the Authorisation method tab, you'll see two options:
Connect assuming IAM role ✅ (Recommended and only available option)
Connect via credentials (Coming soon)
Select Connect assuming IAM role (it should be pre-selected)
Note the explanation: "This method requires an IAM role using one of the templates provided in the next step (recommended)."
Click Credentials → to proceed
Step 4: Create IAM Role in AWS
Before proceeding with the credentials setup, you need to create a read-only IAM role in your AWS account. You have two options:
Option A: Using CloudFormation quick link (Recommended)
In the Credentials tab use the provided Quick-link which will redirect you to your AWS account with all of the necessary IAM role creation settings pre-filled.
After signing in to your AWS, review and complete the role creation process, which creates a role for Swise to assume when connecting to your account.
Option B: Using CloudFormation Template
Click the CloudFormation Template link in the application
This will download or open a CloudFormation template
In AWS Console, go to CloudFormation > Create Stack
Upload the template and follow the deployment wizard
Note the Role ARN from the stack outputs
Step 5: Configure Credentials
External ID: Copy the provided External ID exactly as shown
Example:
328sjdd-shd64hsd-kds9833d-sd2kaift4This is a unique identifier that must be used when creating your IAM role
Once the IAM role is configured, complete your credentials setup by completing the following:
Role ARN: Enter the complete ARN of the IAM role you created in Step 4
Format:
arn:aws:iam::123456789012:role/YourRoleName
External ID: (This should auto-populate, but verify it matches the one shown above)
Role session name: (Optional) Enter a name for the role session
Default format:
328sjdd-shd64hsd-kds9833d-sd2kaift4This helps identify the session in AWS CloudTrail logs
Session duration (seconds): Set the session duration
Default:
3600(1 hour)Range: 900 seconds (15 minutes) to 43,200 seconds (12 hours)
Choose based on your security requirements
Click Compliance standards → to proceed
Step 6: Select Compliance Standards
In the Compliance standards tab, choose which security frameworks to evaluate against:
Presented option
Swise will pre-select an option to match your organisation's Security Compliance project. For example if your organisation's security compliance project is SOC2 then the options pre-selected here will also be SOC2.
This settings enables Swise to monitor the security of this integration specifically against the compliance standard relevant to your organisation.
CIS Controls V8 (Optional)
Check this option if you'd like to also monitor the AWS source from the perspective of the CIS Controls framework.
Click Connect to finalise the setup
Step 7: Swise will make the connection 🎉
After clicking Connect, Swise system will authenticate with AWS and monitoring will be activated
Soon results from this monitoring will become available in the Cloud Security dashboard, which you can access by selecting Cloud Security from the Swise menu.