home

Security Service Edge

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Security Service Edge

Manual Onboarding

Step 7 - Create IAM CSPM Policy

  1. Click Services and select IAM.

  2. Select Policies and click Create Policy.

  3. Click the JSON tab.

  4. Copy and paste the policy information:
    {
"Statement": [
{
"Action": [
"account:*", "cloudhsm:AddTagsToResource", "cloudhsm:DescribeClusters", "cloudhsm:DescribeHsm", "cloudhsm:ListHsms", "cloudhsm:ListTags", "cloudhsm:ListTagsForResource", "cloudhsm:TagResource", "cloudtrail:AddTags", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:TagResource", "config:Describe*", "dynamodb:ListStreams", "dynamodb:TagResource", "ec2:CreateTags",
"ec2:Describe*",
"ecs:DescribeClusters", "ecs:ListClusters", "ecs:TagResource", "elasticbeanstalk:AddTags", "elasticfilesystem:CreateTags",
"elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:AddTags", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTags", "glacier:AddTagsToVault", "glacier:ListVaults", "iam:GenerateCredentialReport",
"iam:Get*",
"iam:List*", "iam:PassRole", "kms:DescribeKey", "kms:ListAliases", "kms:ListKeys", "lambda:ListFunctions", "lambda:TagResource", "logs:DescribeLogGroups",
"logs:DescribeMetricFilters", "rds:AddTagsToResource", "rds:DescribeDBInstances", "redshift:CreateTags",
"redshift:DescribeClusters", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetBucketWebsite", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:PutBucketTagging", "sdb:ListDomains", "secretsmanager:ListSecrets", "secretsmanager:TagResource", "sns:GetTopicAttributes", "sns:List*", "tag:GetResources", "tag:GetTagKeys", "tag:GetTagValues", "tag:TagResources", "tag:UntagResources"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutCASBAwsCspmPolicy"
}
],
"Version": "2012-10-17"
}
  5. Click Review Policy.
  6. Name the policy lookout-cspm-policy and click Create Policy.

Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.