> ## Documentation Index
> Fetch the complete documentation index at: https://adapt.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS

> Connect AWS to Adapt with an IAM access key to inspect and analyze your resources

Connect your AWS account to Adapt using an IAM access key so Adapt can read
and analyze your AWS resources within the permissions you grant.

## Set up credentials

<Steps>
  <Step title="Open the IAM console">
    Sign in to the [AWS Management Console](https://console.aws.amazon.com/)
    and go to the **IAM** service.
  </Step>

  <Step title="Create an IAM user">
    In the left navigation, choose **Users > Create user**. Enter a user name
    (for example, `adapt-readonly`), then click **Next**.
  </Step>

  <Step title="Attach a read-only policy">
    On the permissions page, choose **Attach policies directly**, search for
    **ReadOnlyAccess** (`arn:aws:iam::aws:policy/ReadOnlyAccess`), and select it.
    Click **Next**, then **Create user**.

    <Note>
      Attach the narrowest policy that covers your use case. Service-specific
      read-only policies (for example, `AmazonS3ReadOnlyAccess`) are preferable
      when you only need access to one service.
    </Note>
  </Step>

  <Step title="Create an access key">
    Open the new user, go to the **Security credentials** tab, and under
    **Access keys** click **Create access key**. Choose a use case such as
    **Third-party service** or **Other**, then click **Next** and
    **Create access key**.
  </Step>

  <Step title="Copy the key values">
    Copy the **Access key ID** and the **Secret access key**, or download the
    `.csv` file. The secret access key is shown only once and cannot be
    retrieved later.
  </Step>
</Steps>

## Connect to Adapt

<Steps>
  <Step title="Open Integrations">
    In Adapt, go to **Settings > Integrations**.
  </Step>

  <Step title="Find AWS">
    Search for **AWS** and select it from the catalog.
  </Step>

  <Step title="Start the connection">
    Click **Connect** to open the connection form.
  </Step>

  <Step title="Add your credentials">
    Enter the values you gathered above, then click **Add connection**:

    | Secret Name             | Value                                          |
    | ----------------------- | ---------------------------------------------- |
    | `AWS_ACCESS_KEY_ID`     | Your IAM access key ID                         |
    | `AWS_SECRET_ACCESS_KEY` | Your IAM secret access key                     |
    | `AWS_REGION`            | Your default region, e.g. us-east-1 (optional) |

    You can rename the connection and choose whether it is shared with your
    organization or kept personal to you.
  </Step>

  <Step title="Test the connection">
    Ask Adapt to list your S3 buckets.
  </Step>
</Steps>

### Security

* Credentials are encrypted at rest with AES-256
* Use a dedicated IAM user with a least-privilege, read-only policy such as `ReadOnlyAccess` or a service-specific read-only policy
* Rotate access keys regularly and deactivate keys you no longer use
* Never share your secret access key or commit it to source control

## Capabilities

Adapt can inspect and analyze your AWS resources, such as S3 buckets, EC2
instances, and other services, within the permissions granted to the access key.

### Examples

```
List my S3 buckets and flag any that are publicly accessible.
```

```
Summarize my running EC2 instances by region and instance type.
```

```
Show CloudWatch alarms that are currently in an ALARM state.
```

```
Review my IAM users and highlight any without MFA enabled.
```