Skip to content

AWS Account

The AWS Account integration connects Escape ASM to your AWS account using IAM access keys. Use this when you cannot set up a cross-account IAM role.

For the recommended cross-account role model (no long-lived keys), see AWS.

Discovered Resources

The AWS Account integration discovers the same ASM data as the AWS integration:

  • CloudFront Distributions: CDN configurations and domain names serving your applications
  • API Gateway Domain Names: Custom domain names configured for API Gateway endpoints
  • API Gateway V2 APIs: HTTP and WebSocket APIs (API Gateway V2)
  • Route 53 DNS Records: DNS zones and records managed by Route 53
  • Load Balancers: Application Load Balancers (ALB), Network Load Balancers (NLB), and Classic Load Balancers exposing services
  • Lambda Functions: Serverless functions with exposed endpoints via Function URLs or API Gateway integrations

These discovered resources are automatically classified as Assets (APIs, DNS records, WebApps) in Escape's ASM.

Create an IAM User and Access Key

  1. Navigate to the IAM users tab in the AWS console
  2. Create a new user and attach the ReadOnlyAccess policy
  3. Go to the Security credentials tab and click Create access key
  4. Select Other for the Use case, add a description, and create the key

Important: Access key values are displayed only once during creation. Store these credentials securely.

To revoke access later, return to the IAM users tab, select the user, and remove the key under Security credentials.

Connect in Escape

  1. Open the AWS Account integration page
  2. Enter the access key ID and secret access key
  3. Save the integration and wait for validation to complete

Programmatic Setup

Public API

Create an integration with POST /v3/integrations/aws-account:

curl -X POST https://public.escape.tech/v3/integrations/aws-account \
  -H "X-ESCAPE-API-KEY: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production AWS Account",
    "parameters": {
      "public_key": "AKIAIOSFODNN7EXAMPLE",
      "private_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    }
  }'

See the OpenAPI specification for list, get, update, and delete operations.

CLI

escape-cli integrations create --kind aws-account <<'EOF'
{
  "name": "Production AWS Account",
  "parameters": {
    "public_key": "AKIAIOSFODNN7EXAMPLE",
    "private_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
  }
}
EOF