Table of Contents

Amazon Web Services (AWS)

Yasuhiro Miyoshi Updated by Yasuhiro Miyoshi

Translation Disclaimer: The documents herein have been machine translated for your convenience by translation software. While reasonable efforts are made to provide accurate translations, portions may be incorrect. If you would like to report a translation error or inaccuracy, we encourage you to please contact us.

Preparation

Login to Amazon Web Services

Login to AWS access with root user or IAM user.

 

Making a Role for Integration

Accsess to Identity and Access Management (IAM) and click Roles menu.

 Click Create role

 

Step1:Enter the value for trusted entity

  • Trusted entity:AWS account
  • An AWS account:Select 「Another AWS account」and Enter 162001151631in Account ID
  • Check the box of Require external ID (Best practice when a third party will assume this role)
  • Enter a random string (24 or more digits recommended) for the external ID.
  • no need MFA

Click、NEXT.

  

Step2:Click 「Create Policy

Notice to open the another tab when you click create policy.

Click JSON tab and copy and past the following script.

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:GetAccessKeyLastUsed",
"iam:ListAccessKeys",
"iam:ListAttachedUserPolicies",
"iam:ListGroupsForUser",
"iam:ListMFADevices",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListUsers",
"iam:ListUserTags",
"iam:DeleteUser",
"iam:DeleteAccessKey",
"iam:DeleteRole",
"iam:ListAttachedRolePolicies",
"iam:DetachRolePolicy",
"iam:DeleteLoginProfile",
"iam:ListAttachedUserPolicies",
"iam:DetachUserPolicy",
"iam:CreateUser",
"iam:TagUser",
"iam:ListUserPolicies",
"account:GetContactInformation"
],
"Resource": "*"
}
]
}

Click「Next:Tag

Click「Next:Review」with no tag.

Enter the Policy name and click Create Policy

After creating the policy, return to the previous tab (Add Permission screen).

Perform the following operations to add the created policy.

  1. Click「renew」
  2. search policy you create.
  3. select the policy and check, click next.

Set a name for the role in step (3), then scroll down and click the "Create Role" button.

Check Role ARN

Click the role you created.

Copy the Role ARN

 

Setup Integration

Search Amazon Web Services in Admina by Money Forward.

 

Enter the Role ARN and External ID at role creation and click Integrate.

If the integration with AWS is successful, the registered user information will appear in the account list. 

If the integration does not complete successfully, please edit the information from the status tab on the integration screen and try the integration again.

If the problem persists, please contact us via chat.🙏

  

Appendix:

Because AWS is a service that does not capture email addresses, the user type will be obtained as "unknown" or "system".

To obtain an email address, please use one of the following methods

  1. Using the Account Merging function.

User type can be assigned, allowing for more accurate retiree management.

  1. Use tags to grant email addresses directly to IAM users.

By assigning email to the tag key and email address to the tag value, the Admina by Money Forward will retrieve the email address.

                  

How did we do?

Amazon Business

Amplitude

Contact