We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

AWS Autodiscovery steps clarification

New Contributor
New Contributor

Hi Team, 

Please find the enclosed AWS discovery document.  Pls clarify were the SaviyntAWSStackPAM.bat is to be executed. What are the permissions required to execute SaviyntAWSStackPAM.bat.   Also, how customer can update and maintain the Lambda function. 




Saviynt Employee
Saviynt Employee

Hi @Manju_v 

There is a sample JSON mentioned in the document. Please refer to the below lines in the document.


Open the command prompt and specify the complete path where the batch file is present. Execute the command in the below format: Public <> <<” Auto Discovery CF Template”>> > <> <> For example: SaviyntAWSStackPAMTest.bat "https://saviyntcftemplates.s3.amazonaws.com/DeploymentTemplates/AutoDiscov ery_Template_For_Lambda_Creation.json" https://ssm-xxxx.saviyntcloud.com AQICAxxxxxxXYZ AWS-DEV-CONNECTION


If you open the JSON mentioned above, it shows the template as below. Whatever actions are being performed here, related permissions should be there. Like creating AWS::Events::Rule" and similar others. You can refer full template to see those.

"Description": "Cloud Formation template to create cloudwatch rules and Lambda functions for Instance autodiscovery functions",
"Parameters": {
"LambdaRole": {
"Description": "Enter the ARN of Lamda Role.",
"Type": "String",
"MinLength": "1"
"ApplicationURL": {
"Description": "Enter the application URL EX:https://ssm-xxxxx.saviyntcloud.com",
"Type": "String",
"MinLength": "1",
"ConstraintDescription": "Please Enter application URL"
"encryptedkmscreds": {
"Description": "Enter the encrypted creds using kmskeyid",
"Type": "String",
"MinLength": "1",
"ConstraintDescription": "Please Enter the encrypted creds using kmskeyid"
"SSMAWSConnectionName": {
"Description": "Enter the SSM AWS Connection Name",
"Type": "String",
"MinLength": "1",
"ConstraintDescription": "Please Enter the SSM AWS Connection Name"
"S3BucketName": {
"Description": "Enter the S3 bucket Name",
"Type": "String",
"MinLength": "1",
"ConstraintDescription": "Please Enter the S3 bucket name which has lambda code zip files"
"Resources": {
"CloudwatchRuleautodiscoveryNewInstance": {
"Type": "AWS::Events::Rule",
"Properties": {
"Description": "Cloudwatch rule for AutoDiscovery of New Instances",
"EventPattern": {
"detail-type": [
"AWS API Call via CloudTrail"