AWS

Monad provides comprehensive integration with Amazon Web Services (AWS) through a suite of specialized connectors. Each connector is designed to efficiently extract data from specific AWS services while maintaining security best practices and optimal performance.

Authentication Methods

AWS connectors support two authentication methods. Choose the one that best fits your security requirements:

1. IAM Role Assumption (Recommended)

How it works: Monad assumes an IAM role in your AWS account using cross-account access with an external ID for additional security.

Setup Requirements:

1. Create an IAM role in your AWS account
2. Configure the trust relationship (see template below)
3. Attach the necessary permissions for the specific service (the permissions required per connector are given in each connector's docs)
4. Provide the Role ARN to Monad

Trust Relationship Template:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AssumeRoleWithExternalId",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::339712996529:role/monad-app"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "{your-organization-id}"
                }
            }
        },
        {
            "Sid": "TagSession",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::339712996529:role/monad-app"
            },
            "Action": "sts:TagSession"
        }
    ]
}

Note: Replace {your-organization-id} with your actual Monad organization ID for better security.

2. Static Credentials (Access Key + Secret Key)

Setup Requirements:

1. Create an IAM user with programmatic access
2. Attach the necessary permissions for the specific service (the permissions required per connector are given in each connector's docs)
3. Generate Access Key ID and Secret Access Key
4. Provide credentials to Monad securely

Common Configuration Parameters

Most AWS connectors share these common configuration options:

Parameter	Type	Required	Description
Region	string	Yes	AWS region where the service is located
Role ARN	string	Conditional*	IAM role ARN for role-based authentication
Access Key	string	Conditional*	AWS Access Key ID for static credentials
Secret Key	string	Conditional*	AWS Secret Access Key for static credentials

*Required based on your chosen authentication method

Related Resources

• AWS IAM Best Practices