Amazon Web Services (AWS)

May 24, 2026

Connect your AWS account to collect infrastructure evidence and automate security controls for SOC 2, ISO 27001, and more.

What is AWS?

Amazon Web Services (AWS) is the world's most widely used cloud platform. If your company runs servers, databases, storage, or any infrastructure on AWS, connecting this integration allows Imara to automatically collect evidence about how that infrastructure is configured and secured.

What Imara collects from AWS

  • IAM users, roles, and policies — who has access to what
  • Multi-Factor Authentication (MFA) status for IAM users
  • S3 bucket configurations — encryption and public access settings
  • CloudTrail audit logging status and coverage
  • EC2 instance configurations and security groups
  • Password and key rotation policies

Required AWS permissions

Imara uses a read-only IAM role. You will need to create an IAM role in your AWS account with the following AWS-managed policies:

  • SecurityAudit — read-only access to security configuration data
  • ReadOnlyAccess — broad read access to enumerate resource configurations

No write permissions are ever requested. Imara can only read your configuration — it cannot modify any AWS resource.

How to connect

  1. In Imara, go to Integrations and find Amazon Web Services.
  2. Click Connect. Imara will display the IAM configuration steps and the Imara AWS Account ID.
  3. In your AWS console, create a new IAM Role. Choose Another AWS Account as the trusted entity and enter Imara's AWS account ID shown in the setup dialog.
  4. Attach the SecurityAudit and ReadOnlyAccess policies to the role.
  5. Copy the Role ARN from AWS and paste it into the Imara setup dialog.
  6. Click Verify & Connect. Imara will test the connection and begin the initial sync.
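
To check that the role created in steps 3 and 4 is scoped as described, the following added example (not Imara's own code) audits the role's trust policy and policy attachments, in the form returned by aws iam get-role, aws iam list-attached-role-policies and aws iam list-role-policies. The account ID 111122223333 is a placeholder for the one shown in the setup dialog, and the optional external_id argument assumes the dialog may also issue an external ID, which this page does not mention.

```python
import json

# AWS-managed policies this page says to attach.
EXPECTED = {"arn:aws:iam::aws:policy/SecurityAudit",
            "arn:aws:iam::aws:policy/ReadOnlyAccess"}

def as_list(v):
    return v if isinstance(v, list) else [v]

def account_of(principal):
    # "111122223333" and "arn:aws:iam::111122223333:root" name the same account.
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def audit_role(trust, attached, inline, vendor_account, external_id=None):
    """Return a list of findings; an empty list means the role matches the page."""
    findings = []
    for stmt in as_list(trust.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard: anyone may assume the role
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS" or account_of(p) != vendor_account:
                    findings.append(f"trust: unexpected principal {kind}={p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if external_id is not None and cond.get("sts:ExternalId") != external_id:
            findings.append("trust: sts:ExternalId condition missing or wrong")
    findings += [f"policy: missing {a}" for a in sorted(EXPECTED - set(attached))]
    findings += [f"policy: unexpected managed policy {a}" for a in sorted(set(attached) - EXPECTED)]
    findings += [f"policy: inline policy {n}" for n in sorted(inline)]
    return findings

# Constructed sample input (placeholder account ID, not Imara's real one).
VENDOR = "111122223333"
GOOD_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole"}]}""")
BAD_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "*"]}, "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    print(audit_role(GOOD_TRUST, EXPECTED, [], VENDOR))
    bad = audit_role(BAD_TRUST, EXPECTED | {"arn:aws:iam::aws:policy/AdministratorAccess"},
                     ["legacy-write"], VENDOR)
    print("\n".join(bad))
```

ReadOnlyAccess also includes read actions on stored data in services such as S3, so the role's read scope is wider than configuration metadata alone.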

Frameworks supported

The AWS integration helps satisfy controls in: SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF, NIST 800-53.

What to expect

After the initial sync (typically a few minutes), Imara automatically links collected evidence to the relevant controls in your active frameworks. Syncs run periodically and changes in your AWS environment are reflected within hours. Imara will alert your team when it detects a configuration that does not meet your framework requirements — such as an IAM user without MFA enabled.
