AWS integration with Saviynt

Megha
New Contributor

Hi Team,

We are trying to integrate AWS with Saviynt and have the questions below. Could you please assist?

  1. Which CloudFormation template should we use for our use case (fetching IAM users and IAM roles)?
  2. What change/addition's cloud-formation template to doing in the target AWS account? 
  3. In which AWS account do we need to run this CloudFormation template?
  4. Does any specific value have to be provided for "EXTERNAL_ID", and is it mandatory?
  5. Trust relationship configuration to establish the connectivity.

We have referred to the document below, but have the above queries.

Preparing for Integration (AWS Cloud) (saviyntcloud.com)

Regards,

Megha Urs B R

3 REPLIES

sudeshjaiswal
Saviynt Employee

Hello @Megha,

Is Saviynt EIC deployed on an AWS Cloud Server, or is it deployed on a non-AWS Cloud like Azure? The AWS configuration may differ depending on the deployment type, and we would like to ensure compatibility. (Please refer)

Que: Which CloudFormation template should we use for our use case (fetching IAM users and IAM roles)?

Is your intention solely to import the user and entitlement, or do you also require the provisioning operation?
If your requirement is limited to importing the user and entitlement, you can utilize the Security Analyzer (read-only).

Provisioning and deprovisioning operations involve the use of both Security Analyzer + IGA, with read-only and write capabilities. For additional details, please refer to Table 1: CF Templates

Que: What change/addition's cloud-formation template to doing in the target AWS account? 

Are you referring to modifying the template in the Security Analyzer, such as reducing granted permissions?

Que: In which AWS account do we need to run this CloudFormation template?

To integrate with AWS accounts for connections, you'll need separate connections for each individual AWS account.

Que: Does any specific value have to be provided for "EXTERNAL_ID", and is it mandatory?

The field is optional, and you can provide a string of your preference. However, please remember to keep a record of it, as you'll need the same external ID in the Saviynt connection too.

Que: Trust relationship configuration to establish the connectivity.

This will be completed as part of executing the CloudFormation template. You will need to provide the Saviynt MasterAccID, which can be obtained from the Saviynt support team. Additionally, ensure that the AWS-related properties and external configuration properties align correctly.
Please refer to the document for more details.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
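Added example, not part of the thread or of Saviynt's template: a small Python check a target-account owner could run over the role's trust policy after the CloudFormation stack is created, to confirm that only the expected master account is trusted and that the external ID recorded for the Saviynt connection is the one enforced. The account ID, external ID and the policy shape are constructed placeholders and assumptions; only exact `sts:AssumeRole` actions and `StringEquals` conditions are examined.

```python
import json

# Constructed placeholders: not real Saviynt or customer values.
MASTER_ACCOUNT = "111122223333"        # stands in for the Saviynt MasterAccID
EXTERNAL_ID = "example-external-id"    # string chosen when running the template

# Constructed trust policy of the kind a cross-account role carries (assumed shape).
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{MASTER_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts a bare 12-digit account ID or an IAM ARN (account is the 5th field).
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def audit_trust_policy(policy_json, expected_account, expected_external_id=None):
    """Return a list of findings; an empty list means the policy matches."""
    findings, matched = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        matched = True
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not aws:
            findings.append("no AWS account principal")
        for p in aws:
            if p == "*":
                findings.append("wildcard principal")
            elif _account_of(p) != expected_account:
                findings.append(f"unexpected principal: {p}")
        if expected_external_id is not None:
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if expected_external_id not in _as_list(cond.get("sts:ExternalId", [])):
                findings.append("sts:ExternalId missing or different")
    if not matched:
        findings.append("no Allow statement for sts:AssumeRole")
    return findings
```

Passing `expected_external_id=None` skips the external ID check, which matches a connection configured without one.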

Hello Sudesh,

Thanks for the update.

Que: What change/addition's cloud-formation template to doing in the target AWS account? 

Are you referring to modifying the template in the Security Analyzer, such as reducing granted permissions? Yes, we are looking at getting only the permission to read or import data.

Regards,

Megha Urs B R

sudeshjaiswal
Saviynt Employee

Hello @Megha,

Security Analyzer is read-only. Please use this.
It will import user accounts and entitlement.

Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".