Installation

The AWS integration is deployed using Terraform on AWS ECS cluster service.
It uses our Terraform Ocean Integration Factory module to deploy the integration.

Infrastructure

The AWS integration uses the following AWS infrastructure:

Live events diagram

Prerequisites

Permissions

In order to successfully deploy the AWS integration, it's crucial to ensure that the user who deploys the integration in the AWS Organization has the appropriate access permissions to create all of the above resources.

Installation walkthrough using terraform

Go to Port's Data Sources and click on AWS.
Edit and copy the installation command.
Run the command in your terminal to deploy the AWS integration.

Manual installation (AWS)

Create the infrastructure using the AWS Console.
For the ECS Service image use the following image: ghcr.io/port-labs/port-ocean-aws:latest.
Add the following environment variables to the ECS Task Definition:

Environment Variables

Variable	Description
`OCEAN__PORT__CLIENT_ID`	The client ID of the Port integration.
`OCEAN__PORT__CLIENT_SECRET`	The client secret of the Port integration.
`OCEAN__PORT__BASE_URL`	Your Port API URL - `https://api.getport.io` for EU, `https://api.us.getport.io` for US
`OCEAN__INTEGRATION__CONFIG__LIVE_EVENTS_API_KEY`	(Optional) AWS API Key for custom events, used to validate the event source for real-time event updates.
`OCEAN__INTEGRATION__CONFIG__ORGANIZATION_ROLE_ARN`	(Optional) AWS Organization Role ARN, in case the account the integration is installed on is not the root account, used to read organization accounts for multi-account access.
`OCEAN__INTEGRATION__CONFIG__ACCOUNT_READ_ROLE_NAME`	(Optional) AWS Account Read Role Name, the role name used to read the account in which the integration is not installed on, used for multi-account access..
`OCEAN__EVENT_LISTENER`	The event listener object.
`OCEAN__INTEGRATION__IDENTIFIER`	The identifier of the integration.
`OCEAN__INTEGRATION__TYPE`	should be set to `aws`.

Manual installation (on-premise)

Create an IAM user with the following permissions:
- arn:aws:iam::aws:policy/ReadOnlyAccess
- account:ListRegions
- sts:AssumeRole
Run the following Docker image: ghcr.io/port-labs/port-ocean-aws:latest.
(For live updates): expose the port 8000 to the internet.
Add the following environment variables to the Docker container:

Environment Variables

Variable	Description
`OCEAN__PORT__CLIENT_ID`	The client ID of the Port integration.
`OCEAN__PORT__CLIENT_SECRET`	The client secret of the Port integration.
`OCEAN__PORT__BASE_URL`	Your Port API URL - `https://api.getport.io` for EU, `https://api.us.getport.io` for US
`OCEAN__INTEGRATION__CONFIG__AWS_ACCESS_KEY_ID`	The AWS Access Key ID of the IAM user.
`OCEAN__INTEGRATION__CONFIG__AWS_SECRET_ACCESS_KEY`	The AWS Secret Access Key of the IAM user.
`OCEAN__INTEGRATION__CONFIG__LIVE_EVENTS_API_KEY`	(Optional) AWS API Key for custom events, used to validate the event source for real-time event updates.
`OCEAN__INTEGRATION__CONFIG__ORGANIZATION_ROLE_ARN`	(Optional) AWS Organization Role ARN, in case the account the integration is installed on is not the root account, used to read organization accounts for multi-account access.
`OCEAN__INTEGRATION__CONFIG__ACCOUNT_READ_ROLE_NAME`	(Optional) AWS Account Read Role Name, the role name used to read the account in which the integration is not installed on, used for multi-account access..
`OCEAN__EVENT_LISTENER`	The event listener object.
`OCEAN__INTEGRATION__IDENTIFIER`	The identifier of the integration.
`OCEAN__INTEGRATION__TYPE`	should be set to `aws`.

Further Examples

Refer to the examples page for practical configurations and their corresponding blueprint definitions.

Installation

Infrastructure​

Prerequisites​

Permissions​

Installation walkthrough using terraform​

Manual installation (AWS)​

Manual installation (on-premise)​

Further Examples​