Torq enables quick and easy integration with AWS, so you can automate anything and everything within moments. Torq's public AWS steps include:

AWS CLI command
Describe an instance
Search DynamoDB
Get IP addresses for EC2 instances
+12 more...

Use AWS Steps in Torq

Step One: Get IDs in Torq

AWS integrations use an AWS IAM role that you define in your AWS IAM configuration.

To create an IAM role in AWS, you need the Torq Workspace ID and the AWS External ID that are located in Torq. At this point, you are only copying them—the integration is created in AWS rather than Torq.

Locate the IDs in Torq: Navigate to Build > Integrations > Steps > AWS and click Add Instance.
Copy the Torq Workspace ID and AWS External ID: Click Copy to save the IDs for later. You will need them to create the IAM role in AWS.

Step Two: Create an IAM Role in AWS

There are two ways to create an IAM role in AWS: manually or using a CloudFormation Template (CFT).

Manually Create an IAM Role in AWS

Open AWS IAM: Sign in to the AWS Management Console and go to IAM.
Create a Role: Select Roles > Create role.
Define the New Role:
1. Click AWS account.
2. Click Another AWS account.
3. In the Account ID field, enter the Torq Workspace ID you copied earlier.
4. Select the checkbox Require external ID.
5. In the External ID field, enter the AWS External ID you copied earlier.
6. Click Next.
Add Permissions:
1. Select at least one policy to assign to the user, group, or role that can use AWS services in Torq steps. If you don't assign sufficient permissions to run a specific step, you'll get an error.
2. (Optional) Set a permissions boundary to control the maximum permissions that can be assigned to the role.
3. Click Next.
Finalize:
1. Enter a meaningful name.
2. Add a short description of the role.
3. Review the trust policies and assigned permissions.
4. (Optional) Add relevant tags.
5. Click Create role.
Copy the Role ARN: After you're redirected to the IAM > Roles console, enter the name of the role you created and then select it.
Copy the Role ARN: Copy the ARN as you'll need it to create the AWS integration in Torq.

Create an IAM Role in AWS Using a CFT

CloudFormation Templates contain all the necessary configurations to create an IAM role in AWS.

Open AWS CloudFormation: Sign in to the AWS Management Console and go to CloudFormation.
Create a Stack: Navigate to CloudFormation > Stacks and click Create stack.
1. Select Choose an existing template.
2. Select Upload a template file.
3. Click Choose file and select a CFT from your device. CFTs are attached at the bottom of this guide.
4. Click Next.
Configure the Stack:
1. Enter a meaningful name.
2. In the AWSExternalID field, enter the AWS External ID you copied earlier.
3. Select EC2 for the permission type.
4. In the TorqWorkspaceID field, enter the Torq Workspace ID you copied earlier.
5. Click Next.
6. (Optional) Add tags and permissions.
7. Acknowledge that CloudFormation might create IAM resources with custom names.
8. Click Next.
9. Review the stack and click Submit.
Copy the Role ARN: When the stack's status changes from CREATE_IN_PROGRESS to CREATE_COMPLETE, go to the stack's Outputs tab and copy the RoleArn's value.

Step Three: Create an AWS Steps Integration in Torq

AWS integrations are used for AWS, AWS S3, and AWS Redshift steps in Torq workflows.

Navigate to the Integration: Go to Build > Integrations > Steps > AWS and click Add Instance.
Configure the Integration:
1. Give the integration a unique and meaningful name.
2. Enter the AWS Role ARN that you copied earlier.
Finalize: Click Add.

FAQs

Which CFTs should be used?

The CFTs are attached at the bottom of this article.

Templates

Now that you've added your integrations, check out these specially crafted templates by Torq's security experts. Visit Torq's template library for more.

Torq Assume Role 2.yml

Torq AWS Connector.yml

AWS SigV4 Authorization: Utilize AWS Calls in HTTP Step

Amazon Web Services (AWS)