AWS IAM Streaming Configuration
This guide provides the steps to enable real-time data streaming for an AWS IAM connection and to monitor streaming events within the Forcepoint DSPM platform.
Create a policy
- In the navigation pane on the left, choose Policies and then choose Create policy.
- In the Policy editor section, find the Select a service section, then choose IAM service, and select Next.
- In Actions allowed, choose the actions below to add to the policy:
  - GetPolicy
  - GetUserPolicy
  - ListUserPolicies
  - ListAttachedGroupPolicies
  - ListAttachedUserPolicies
  - ListGroups
  - ListUsers
  - ListGroupsForUser
  - PutRolePolicy
  - TagRole
  - GetGroup
  - GetRole
  - CreateRole
- Choose the SNS service and select the actions below:
  - CreateTopic
  - DeleteTopic
  - TagResource
  - SetTopicAttributes
  - Subscribe
  - ConfirmSubscription
- Choose the EventBridge service and select the actions below:
  - TagResource
  - PutTargets
  - EnableRule
  - PutRule
  - UntagResource
  - ListTargetsByRule
  - RemoveTargets
  - DeleteRule
- Choose the EC2 service and select the action below:
  - DescribeRegions
- For Resources, choose All and select Create policy to save the new policy.
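As an added example (not part of this guide or Forcepoint's own code), the JSON policy document equivalent to the console selections above, built in Python, together with a check that flags any allowed action outside the documented set (a wildcard such as iam:* would be reported); the Sid values are assumed names.

```python
import json

# Actions listed in the "Create a policy" steps, grouped by IAM service prefix.
# EventBridge actions use the "events" prefix in IAM policies.
REQUIRED_ACTIONS = {
    "iam": ["GetPolicy", "GetUserPolicy", "ListUserPolicies", "ListAttachedGroupPolicies",
            "ListAttachedUserPolicies", "ListGroups", "ListUsers", "ListGroupsForUser",
            "PutRolePolicy", "TagRole", "GetGroup", "GetRole", "CreateRole"],
    "sns": ["CreateTopic", "DeleteTopic", "TagResource", "SetTopicAttributes",
            "Subscribe", "ConfirmSubscription"],
    "events": ["TagResource", "PutTargets", "EnableRule", "PutRule", "UntagResource",
               "ListTargetsByRule", "RemoveTargets", "DeleteRule"],
    "ec2": ["DescribeRegions"],
}


def build_policy_document() -> dict:
    """Return the policy document matching the console steps (Resources: All)."""
    statements = []
    for service, actions in REQUIRED_ACTIONS.items():
        statements.append({
            "Sid": f"DspmStreaming{service.upper()}",  # assumed Sid; must be alphanumeric
            "Effect": "Allow",
            "Action": [f"{service}:{action}" for action in actions],
            "Resource": "*",
        })
    return {"Version": "2012-10-17", "Statement": statements}


def unexpected_actions(policy: dict) -> list:
    """Return Allow actions in `policy` that are not in the documented set.

    Wildcards such as "iam:*" never match an exact entry, so they are reported too.
    """
    expected = {f"{svc}:{act}" for svc, acts in REQUIRED_ACTIONS.items() for act in acts}
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):  # a single action may be given as a bare string
            actions = [actions]
        found.extend(a for a in actions if a not in expected)
    return found


if __name__ == "__main__":
    # Paste this output into the console's JSON policy editor instead of clicking each action.
    print(json.dumps(build_policy_document(), indent=2))
```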
Create a user
- Sign in to the AWS Management Console and open the IAM console with the appropriate admin level account.
- In the navigation pane on the left, choose Users and then choose Create user.
- On the Specify user details page, under User details, in User name, enter the name for the new user, for example iam-connector-user, and select Next.
- On the Set permissions page, select Attach policies directly and choose the policy created in the steps above.
- Select Next.
- Once the user is created, select it, and from the user page, choose Create access key.
- Select Other then Next.
- Enter a description if you wish and select Create access key.
- The Access Key and Secret Access Key have now been created. They can be downloaded as a CSV and also copied from this section. Note: the secret access key cannot be viewed once you leave this page.
Configuring AWS IAM connector in Dashboard
- Navigate to .
- Provide the access key and secret access key values generated in the steps above and select Save & Create Scan.
- Make sure the connection has a Name and Credentials set, then click the Data streaming toggle and click Save & Close to finalize the changes.
- Clock icon: When data streaming is being activated, the Requested status will appear, indicating that the subscription is being processed. Once the subscription is activated, this status will change to On.
- After enabling Data Streaming, the system automatically handles the subscription to AWS IAM's real-time events. There is no need to manually configure webhooks.
Monitoring Real-Time Events
After the subscription is activated, real-time events start flowing into the platform and can be monitored from the relevant sections of the platform.
Viewing Events in the Live Events Section
- Go to the Live Events section under Administration to view a detailed audit log of all streaming events.
- Filter by source to get only AWS IAM events.
Monitoring Extended Streaming Events
Once extended streaming is enabled, events are available for monitoring in multiple sections of the platform:
Live Events Section
- Go to Live Events under Administration to view real-time extended events.
- Use the filter options to narrow down events to only AWS IAM activities.