# Step 1: AWS Infrastructure Setup

## Part A: Link Your Account in Scanner

First, register your AWS account with Scanner to get the credentials you'll need:

1. In Scanner, navigate to **Collect**
2. Click the button to Link a New AWS Account (for subsequent accounts go to **AWS Accounts** and click the '+' in the top right corner)
3. Enter your **AWS Account ID** and **Account Name**
   * Account Name can be anything that helps you identify it (e.g., "Production AWS" or "Security Logs Account")
4. Scanner will display:
   * **Scanner's AWS Account ID**
   * **STS External ID**
5. **Keep these values handy**—you'll need them to create resources in AWS

## Part B: Create Required AWS Resources

Now choose your setup method to create the infrastructure Scanner needs in your AWS account.

**What Gets Created**

**IAM Role**

* Must be an IAM **Role**, not an IAM User (Scanner cannot assume IAM Users)
* Provides least-privilege access:
  1. Read access to the S3 buckets containing your log files (for indexing and detection)
  2. Read/write access to the S3 buckets where Scanner writes raw logs collected from SaaS/cloud sources
  3. Read/write access to the Scanner index bucket

**S3 Bucket for Index Files**

* Dedicated bucket for Scanner's proprietary index files
* Should be in the same AWS region as Scanner's compute instance to minimize data transfer costs
* Configured with encryption and lifecycle rules

**EventBridge rule & event bus**

* Enable EventBridge notifications on your S3 log files buckets so object-created events are sent to Amazon EventBridge.
* An EventBridge rule in your account forwards those events to Scanner's event bus (in Scanner's account), which triggers indexing.
* If your S3 log files are in multiple regions, you will need the EventBridge rule (and its IAM role) created in each region.
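As an added illustration (not Scanner's own code; the CloudFormation and Terraform templates under Option A are the supported path), the Python below builds the two policy documents the IAM Role above implies and pre-checks a trust policy for the two settings that matter most: a principal limited to Scanner's account and the `sts:ExternalId` condition that carries the STS External ID from Part A. The account ID, External ID and bucket names are placeholders.

```python
# Constructed placeholders: substitute the values Scanner displays in Part A.
SCANNER_ACCOUNT_ID = "111111111111"               # placeholder for Scanner's AWS Account ID
STS_EXTERNAL_ID = "replace-with-sts-external-id"  # placeholder for the STS External ID
INDEX_BUCKET = "scanner-index-files-prod"
LOG_BUCKETS = ["prod-cloudtrail-logs", "app-logs-prod"]

def trust_policy(scanner_account_id: str, external_id: str) -> dict:
    """Only Scanner's account may assume the role, and only when it presents the External ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{scanner_account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def permissions_policy(index_bucket: str, log_buckets: list) -> dict:
    """Least privilege on S3: read-only on the log buckets, read/write on the index bucket."""
    log_arns = [f"arn:aws:s3:::{b}" for b in log_buckets]
    index_arn = f"arn:aws:s3:::{index_bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ReadLogBuckets", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": log_arns + [f"{a}/*" for a in log_arns]},
        {"Sid": "ReadWriteIndexBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                    "s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": [index_arn, f"{index_arn}/*"]},
    ]}

def trust_policy_problems(policy: dict, scanner_account_id: str) -> list:
    """Pre-flight check on a trust policy: flag AssumeRole statements whose principal is
    not limited to Scanner's account or that lack the sts:ExternalId condition."""
    problems = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else aws
        if not aws or any(p == "*" or f"::{scanner_account_id}:" not in p for p in aws):
            problems.append("principal is not limited to Scanner's account")
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            problems.append("missing sts:ExternalId condition")
    return problems
```

Running `trust_policy_problems` against the trust policy of an existing role (for example the JSON returned by `aws iam get-role`) before linking catches a role that any AWS principal could assume.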

### How to Create Resources

**Option A: Infrastructure as Code (Recommended)**

Use our pre-built templates with the Scanner AWS Account ID and STS External ID from Part A:

* [CloudFormation](/scanner/getting-started/step-1-aws-infrastructure-setup/aws-cloudformation.md)
* [Terraform](/scanner/getting-started/step-1-aws-infrastructure-setup/terraform.md)

Deploy the template in your AWS account. Once complete, your account is linked and ready.

**Option B:** [**Guided Manual Setup**](/scanner/getting-started/step-1-aws-infrastructure-setup/manual-setup-aws-cloudshell.md)

Follow the guided steps to create the resources manually. Once complete, your account is linked and ready.

**Important:** note the names of the resources that were created; you'll need them in Part C:

* IAM Role ARN (format: `arn:aws:iam::123456789012:role/scnr-IntegrationRole`)
* Scanner Index Files Bucket Name (e.g., `scanner-index-files-prod`)

## Part C: Finalizing AWS Account Linking in the Scanner UI

Return to Scanner to finalize the connection by providing the resource identifiers you just created.

1. In Scanner, go back to **Collect > AWS Accounts > \[Your Account]**
2. Enter the following information:

**Scanner Role ARN**

* The ARN of the IAM Role you created
* Format: `arn:aws:iam::YOUR_ACCOUNT_ID:role/ROLE_NAME`
* This is an output from your CloudFormation/Terraform deployment, or visible in AWS IAM console

**Scanner Index Files Bucket Name**

* The name of the dedicated S3 bucket for Scanner's index files
* This is the bucket created specifically for Scanner (not your existing log buckets)
* Example: `scanner-index-files-prod`

**Log Files Bucket Names**

* List the existing S3 bucket(s) containing your raw logs that you want Scanner to index
* Examples: `prod-cloudtrail-logs`, `app-logs-prod`
* You can add multiple buckets
* The Scanner IAM Role must have read permissions to these buckets

3. Click **Save** or **Complete Setup**

Your AWS account is now linked! Scanner can access your log buckets and will store index files in the dedicated bucket you created.

## Troubleshooting

For help resolving AWS configuration and permission errors, see [Troubleshooting AWS Errors](/scanner/getting-started/step-1-aws-infrastructure-setup/troubleshooting-aws-errors.md).
