Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

Version 1 Current »

Requirements

FedRAMP customers who access Devo through devogov.us should send data from their AWS GovCloud partition account to Devo using the SQS collector with cross account roles.

To send data from any non-GovCloud partition to devogov.us, use access key authentication.

GovCloud configuration must be applied to every policy and configuration file.

Field

GovCloud value

Non-GovCloud value

Partition

aws-us-gov

aws

Devo’s AWS account

210253767148

837131528613

Devo’s Role

arn:aws-us-gov:iam::210253767148:role/devo-xaccount-cc

arn:aws:iam::476382791543:role/devo-xaccount-cc

The aws_base_account_role line must be included in the configuration of GovCloud SQS collectors. It may be omitted in other SQS collectors.

Example Collector Configuration

{
  "inputs": {
    "sqs_collector": {
      "base_url": "https://sqs.us-gov-west-1.amazonaws.com/012345678901/examplesqs",
      "credentials": {
        "aws_base_account_role": "arn:aws-us-gov:iam::210253767148:role/devo-xaccount-cc",
        "aws_cross_account_role": "arn:aws-us-gov:iam::012345678901:role/examplesqs",
        "aws_external_id": "child@parent.collector.devogov.us"
      },
      "id": "12345",
      "region": "us-gov-west-1",
      "services": {
        "aws_sqs_waf": {}
      }
    }
  }
}
  • No labels