Requirements

Dash Monitoring Supported Regions

Teams can connect one or more AWS accounts to Dash ComplyOps. Once an AWS account is connected to Dash, your team can create scanset(s) to monitor one or more AWS regions.

Dash scanning and monitoring capabilities is compatibility with the following AWS regions:

Region Name	Geography	Location
us-east-1	North America	N. Virginia
us-east-2	North America	Ohio
us-west-1	North America	N. California
us-west-2	North America	Oregon
ca-central-1	North America	Canada Central
sa-east-1	South America	São Paulo
eu-central-1	Europe	Frankfurt
eu-central-2	Europe	Zurich
eu-west-1	Europe	Ireland
eu-west-2	Europe	London
eu-west-3	Europe	Paris
eu-north-1	Europe	Stockholm
eu-south-1	Europe	Milan
eu-south-2	Europe	Spain
ap-east-1	Asia-Pacific	Hong Kong
ap-south-1	Asia-Pacific	Mumbai
ap-south-2	Asia-Pacific	Hyderabad
ap-southeast-1	Asia-Pacific	Singapore
ap-southeast-2	Asia-Pacific	Sydney
ap-southeast-3	Asia-Pacific	Jakarta
ap-southeast-4	Asia-Pacific	Melbourne
ap-northeast-1	Asia-Pacific	Tokyo
ap-northeast-2	Asia-Pacific	Seoul
ap-northeast-3	Asia-Pacific	Osaka
af-south-1	Africa	Cape Town
me-south-1	Middle East	Bahrain
me-central-1	Middle East	UAE

Please Note: AWS GovCloud and AWS China Regions are currently not supported for monitoring by the Dash ComplyOps application.

IAM Permissions

AWS Monitoring Permissions

In order to scan AWS accounts for security issues, Dash ComplyOps needs to be granted an IAM role with read permissions. Dash ComplyOps provides this IAM role as a CloudFormation template or URL for easy installation in the application.

The following permissions are used with the to connect AWS accounts with the Dash application:
"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
"arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess",
"arn:aws:iam::aws:policy/SecurityAudit",
"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
"arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess",
"arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess",
"arn:aws:iam::aws:policy/IAMReadOnlyAccess"