Amazon Web Services (AWS)

Configuring AWS integration

The AWS integration enables Tidal Control to automatically execute compliance tests on your AWS environment via a cross-account role configuration.

Requirements:

  • Super User role in Tidal Control
  • AWS IAM role management rights
  • Access to AWS Management Console

Configuration step-by-step plan

What we're going to do: We'll create a cross-account role in your AWS account that allows Tidal to retrieve compliance data. A cross-account role is an AWS mechanism that enables an external AWS account (Tidal) to securely access specific resources in your account without sharing credentials.

Configuration steps:

  1. Note Tidal information
  2. Create AWS IAM role
  3. Assign permissions
  4. Retrieve Role ARN
  5. Complete integration

Step 1: Note Tidal information

  • Go to Settings → Integrations in Tidal Control
  • Click the plus icon next to Amazon Web Services
  • Note the Tidal Account ID from the dialogue screen
  • Note the suggested External ID (Tidal automatically generates a secure ID)
  • Save these values - you'll need them for AWS configuration

Step 2: Create AWS IAM role

  • Log in to AWS Management Console
  • Navigate to IAM → Roles → Create role
  • Select "AWS account" → "Another AWS account"
  • Enter the Tidal Account ID (from step 1)
  • Tick "Require external ID"
  • Enter the External ID (from step 1)
  • Click "Next"

Step 3: Assign permissions

  • Search for policy "SecurityAudit"
  • Select SecurityAudit policy
  • Click "Next" to continue
  • (Optional) Add tags and click "Next"

Step 4: Retrieve Role ARN

  • Give the role the name "Tidal Integration"
  • Add description: "Read-only role for Tidal Control compliance monitoring"
  • Click "Create role"
  • Go to Roles overview and search for your new role
  • Click on role name to open details
  • Copy the Role ARN (save for Tidal configuration)

Step 5: Complete integration

  • Return to the Tidal dialogue screen
  • Enter a recognisable name for the integration
  • Paste the Role ARN (from step 4)
  • Check that the External ID is correctly carried over
  • Select the AWS Region (shown at the top right in the AWS Console)
  • Click "Test connection" for verification

Tip

Region setting: Use aws-global if your account uses global services; otherwise use the specific region, such as eu-west-1.

Verification

After successful configuration, Settings → Integrations shows a "Connected" status for AWS, AWS-specific tests are available in the Tests section, and test refreshes deliver results without authentication errors.

Warning

Save External ID: Store the External ID securely. It is unique and is needed for troubleshooting.

Troubleshooting

If the connection test fails, check the following:

  • Verify that the Role ARN was copied correctly (no extra spaces)
  • Check that the External ID matches between AWS and Tidal
  • Confirm that the SecurityAudit policy is attached to the role
  • Verify that the correct AWS Region is selected
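
The External ID and SecurityAudit checks above can be scripted against the role's trust policy and attached policies, for example the output of `aws iam get-role` and `aws iam list-attached-role-policies`. The following is an added example, not Tidal's own code; the function names, the account ID 111122223333 and the External ID value are constructed placeholders.

```python
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"  # AWS managed policy from step 3

def _as_list(value):
    """IAM policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from an IAM ARN principal, or the bare value otherwise."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_role(trust_policy, attached_arns, tidal_account_id, external_id):
    """Return findings for the role; an empty list means it matches steps 2 and 3."""
    findings = []
    allows = [s for s in _as_list(trust_policy.get("Statement"))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action"))]
    if not allows:
        findings.append("no Allow statement for sts:AssumeRole")
    for stmt in allows:
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        for p in aws or ["<none>"]:
            if _account_of(p) != tidal_account_id:
                findings.append(f"unexpected principal: {p}")
        # Condition key names are case-insensitive in IAM, so compare lower-cased.
        equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        got = _as_list({k.lower(): v for k, v in equals.items()}.get("sts:externalid"))
        if not got:
            findings.append("sts:ExternalId condition missing")
        elif got != [external_id]:
            findings.append("sts:ExternalId does not match Tidal's value")
    if SECURITY_AUDIT_ARN not in attached_arns:
        findings.append("SecurityAudit policy not attached")
    for arn in attached_arns:
        if arn != SECURITY_AUDIT_ARN:
            findings.append(f"extra policy attached: {arn}")
    return findings

# Constructed sample: placeholder account ID and External ID, not Tidal's real values.
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}

if __name__ == "__main__":
    print(audit_role(SAMPLE_TRUST, [SECURITY_AUDIT_ARN], "111122223333", "EXAMPLE-EXTERNAL-ID"))
```

An empty list means the trust policy names only the expected account, enforces the External ID, and carries only the SecurityAudit policy.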

Still having trouble?

Send an email to support@tidalcontrol.com, and we'll get in touch as soon as possible.

Info

Gathering support info: Note which browser you're using, exact error messages, which steps you've already tried, and screenshots of the problem. This significantly speeds up the solution.