# AWS

This reference assumes you've already created a Chassy workspace. If you have not done so yet, we recommend that you [create a workspace](https://docs.chassy.io/getting-started/create-a-workspace) first.

The AWS integration is one of a number of cloud services Chassy natively supports. By enabling the integration, Chassy is able to import artifacts from specific S3 buckets and automatically publish logs ingested from your machines to S3 and CloudWatch on your behalf.

{% embed url="<https://www.youtube.com/watch?v=b6jht03e8pU>" %}
AWS Integration video tutorial
{% endembed %}

{% hint style="info" %}
Only an Admin or Manager is allowed to manage integrations.
{% endhint %}

## How to set up AWS integration

On the Chassy console, navigate to the *Integrations* panel. Here, you will see a list of Chassy's available integrations among which will be the AWS integration.

<figure><img src="https://2391222196-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbwi13HaBqeFSGqsnJ8aD%2Fuploads%2FCNrLJJw2CWYTj7MY5k1k%2Fimage.png?alt=media&#x26;token=46e456ca-e1c3-42db-9ac7-3e6620950530" alt="The Integrations panel shows cards of all the available integrations."><figcaption></figcaption></figure>

On clicking *Connect*, you will be presented with a dialog asking for a client role ARN and providing you with an external ID and account ID.

<figure><img src="https://2391222196-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbwi13HaBqeFSGqsnJ8aD%2Fuploads%2FgBdK89mY1RBeA2U4RrhP%2Fimage.png?alt=media&#x26;token=393b2a2e-ad37-40f2-980f-8b4c83d56c98" alt=""><figcaption><p>Connect AWS Integration Dialog</p></figcaption></figure>

To continue, you will need to create a new IAM role on AWS. The required permissions are specified below in either JSON or Terraform and explained in the following table:

| Service    | Permissions | Reason                                                                                       |
| ---------- | ----------- | -------------------------------------------------------------------------------------------- |
| S3         | Read        | Allows you to import artifacts from S3 into the Chassy Index                                 |
| ECR        | Read        | Allows you to import container images from ECR into the Chassy Index                         |
| CloudWatch | Read, Write | Allows you to push telemetry data into CloudWatch and analyze telemetry data from CloudWatch |

{% hint style="info" %}
The `Resource` values listed need to be replaced with values that fit your needs.
{% endhint %}

{% tabs %}
{% tab title="JSON" %}

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3ReadPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:Describe*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::<BUCKET_NAME>",
        "arn:aws:s3:::<BUCKET_NAME>/*"
      ]
    },
    {
      "Sid": "ECRReadPermissions",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchGet*",
        "ecr:List*",
        "ecr:Describe*",
        "ecr:Get*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CloudwatchLogsReadPermissions",
      "Effect": "Allow",
      "Action": [
        "logs:Get*",
        "logs:Describe*",
        "logs:List*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CloudwatchLogsWritePermissions",
      "Effect": "Allow",
      "Action": [
        "logs:Put*",
        "logs:Create*"
      ],
      "Resource": "*"
    }
  ]
}
```

{% endtab %}

{% tab title="Terraform" %}
You will need to create a policy.

```hcl
resource "aws_iam_policy" "policy" {
  name        = "policy_name"
  path        = "/"
  description = "My Chassy permission policy"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "S3ReadPermissions",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:Describe*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::<BUCKET_NAME>",
        "arn:aws:s3:::<BUCKET_NAME>/*"
      ]
    },
    {
      "Sid": "ECRReadPermissions",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchGet*",
        "ecr:List*",
        "ecr:Describe*",
        "ecr:Get*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CloudwatchLogsReadPermissions",
      "Effect": "Allow",
      "Action": [
        "logs:Get*",
        "logs:Describe*",
        "logs:List*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CloudwatchLogsWritePermissions",
      "Effect": "Allow",
      "Action": [
        "logs:Put*",
        "logs:Create*"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}
```

{% endtab %}
{% endtabs %}
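
The role itself also needs a trust policy that controls who may assume it. The following Terraform is an added example, not Chassy's own configuration: it assumes Chassy assumes the role via `sts:AssumeRole` from the account ID shown in the dialog and presents the external ID shown there. The role name and variable names are hypothetical; `aws_iam_policy.policy` refers to the policy defined in the Terraform tab above.

```hcl
# Added example. Supply the values displayed in the Chassy Connect dialog;
# nothing here is a real Chassy identifier.
variable "chassy_account_id" {
  description = "Account ID shown in the Chassy Connect dialog"
  type        = string
}

variable "chassy_external_id" {
  description = "External ID shown in the Chassy Connect dialog"
  type        = string
}

resource "aws_iam_role" "chassy" {
  name = "chassy-integration" # hypothetical role name

  # Trust policy: only principals in the Chassy account may assume the role,
  # and only when they present the external ID issued for this workspace.
  # Without the ExternalId condition, any caller in that account who learns
  # the role ARN could assume it (the confused deputy problem).
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AllowChassyAssumeRole"
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { AWS = "arn:aws:iam::${var.chassy_account_id}:root" }
      Condition = {
        StringEquals = { "sts:ExternalId" = var.chassy_external_id }
      }
    }]
  })
}

# Attach the permission policy from the Terraform tab to the role.
resource "aws_iam_role_policy_attachment" "chassy" {
  role       = aws_iam_role.chassy.name
  policy_arn = aws_iam_policy.policy.arn
}

# The ARN to paste into the Chassy console.
output "chassy_role_arn" {
  value = aws_iam_role.chassy.arn
}
```
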

After creating your role, copy the ARN of the role and paste it into the input on the Chassy console. After clicking *Connect*, you should see a success message and the AWS integration should say "connected" in the *Integrations* panel.

<figure><img src="https://2391222196-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbwi13HaBqeFSGqsnJ8aD%2Fuploads%2F2yMocmW9lZ99gM1BvdAN%2Fimage.png?alt=media&#x26;token=fa6403cc-7a49-42b6-a404-e039b72cea2c" alt=""><figcaption></figcaption></figure>

## How to remove AWS integration

The AWS integration can be removed by navigating to the *Integrations* panel and clicking the *X* button next to the AWS integration.

<figure><img src="https://2391222196-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbwi13HaBqeFSGqsnJ8aD%2Fuploads%2FRgpwF4nlsM4P9t6DNNAY%2Fimage.png?alt=media&#x26;token=96bab3f7-6960-4c7c-a0b8-7b63d956ad4b" alt=""><figcaption></figcaption></figure>

You will then be asked to confirm this choice in a dialog box as it is a destructive action.

<figure><img src="https://2391222196-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fbwi13HaBqeFSGqsnJ8aD%2Fuploads%2Fl1mWqFJNTRB3C2hoUQVa%2Fimage.png?alt=media&#x26;token=12ae47bf-857c-4327-93bb-19f574338b86" alt=""><figcaption></figcaption></figure>

After clicking *Disconnect*, a success message will appear confirming that you have successfully disconnected this integration.
