CSOAR-3365: AWS IAM Role ARN based Authentication

docs/platform-services/automation-service/app-central/integrations/aws-cloudtrail.md

@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/aws.png')} alt="aws" width="50"/>
 
-***Version: 1.2  
-Updated: Jun 15, 2023***
+***Version: 1.3  
+Updated: July 29, 2025***
 
 Interact with AWS CloudTrail through Trails and Events.
 
@@ -33,17 +33,20 @@ import IntegrationsAuthAWS from '../../../../reuse/integrations-authentication-a
 import AWSRegions from '../../../../reuse/automation-service/aws/region.md';
 import AWSAccesskey from '../../../../reuse/automation-service/aws/access-key.md';
 import AWSSecret from '../../../../reuse/automation-service/aws/secret.md';
+import AWSIAMRole from '../../../../reuse/automation-service/aws/iam-role.md';
 import IntegrationCertificate from '../../../../reuse/automation-service/integration-certificate.md';
 import IntegrationEngine from '../../../../reuse/automation-service/integration-engine.md';
 import IntegrationLabel from '../../../../reuse/automation-service/integration-label.md';
 import IntegrationProxy from '../../../../reuse/automation-service/integration-proxy.md';
 import IntegrationTimeout from '../../../../reuse/automation-service/integration-timeout.md';
+import IAMConfiguration from '../../../../reuse/automation-service/aws/iam-configuration.md';
 
 <IntegrationsAuth/>
 
 * <IntegrationLabel/>
 * <AWSAccesskey/>
 * <AWSSecret/>
+* <AWSIAMRole/>
 * <AWSRegions/>
 * <IntegrationTimeout/>
 * <IntegrationCertificate/>
@@ -54,6 +57,19 @@ import IntegrationTimeout from '../../../../reuse/automation-service/integration
 
 <IntegrationsAuthAWS/>
 
+<IAMConfiguration/>
+
+## Required Permissions
+```
+  cloudtrail:DescribeTrails
+  cloudtrail:LookupEvents
+  cloudtrail:CreateTrail
+  cloudtrail:DeleteTrail
+  cloudtrail:StartLogging
+  cloudtrail:StopLogging
+  cloudtrail:UpdateTrail
+```
+
 For information about AWS CloudTrail, see [CloudTrail documentation](https://docs.aws.amazon.com/cloudtrail/).
 
 ## Change Log
@@ -62,3 +78,4 @@ For information about AWS CloudTrail, see [CloudTrail documentation](https://doc
 * March 10, 2022 - Logo
 * May 12, 2023 (v1.1) - Integration refactored
 * June 15, 2023 (v1.2) - Updated the integration with Environmental Variables
+* July 29. 2025 (v1.3) - Added support for IAM role authentication - Users can now authenticate using an AWS IAM Role in addition to access key–based authentication.

docs/platform-services/automation-service/app-central/integrations/aws-route53.md

@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/aws.png')} alt="aws" width="50"/>
 
-***Version: 1.1  
-Updated: Jun 21, 2023***
+***Version: 1.2  
+Updated: July 29, 2025***
 
 Interact with DNS records through AWS Route 53.
 
@@ -31,18 +31,21 @@ import IntegrationsAuthAWS from '../../../../reuse/integrations-authentication-a
 import AWSRegions from '../../../../reuse/automation-service/aws/region.md';
 import AWSAccesskey from '../../../../reuse/automation-service/aws/access-key.md';
 import AWSSecret from '../../../../reuse/automation-service/aws/secret.md';
+import AWSIAMRole from '../../../../reuse/automation-service/aws/iam-role.md';
 import IntegrationCertificate from '../../../../reuse/automation-service/integration-certificate.md';
 import IntegrationEngine from '../../../../reuse/automation-service/integration-engine.md';
 import IntegrationLabel from '../../../../reuse/automation-service/integration-label.md';
 import IntegrationProxy from '../../../../reuse/automation-service/integration-proxy.md';
 import IntegrationTimeout from '../../../../reuse/automation-service/integration-timeout.md';
+import IAMConfiguration from '../../../../reuse/automation-service/aws/iam-configuration.md';
 
 <IntegrationsAuth/>
 
 * <IntegrationLabel/>
 * **URL**. Enter your [AWS Route 53 URL](https://docs.aws.amazon.com/general/latest/gr/r53.html), for example, `route53.amazonaws.com`.
 * <AWSAccesskey/>
 * <AWSSecret/>
+* <AWSIAMRole/>
 * <AWSRegions/>
 * <IntegrationEngine/>
 * <IntegrationProxy/>
@@ -51,9 +54,12 @@ import IntegrationTimeout from '../../../../reuse/automation-service/integration
 
 <IntegrationsAuthAWS/>
 
+<IAMConfiguration/>
+
 For information about AWS Route 53, see [Route 53 documentation](https://docs.aws.amazon.com/route53/).
 
 ## Change Log
 
 * December 24, 2019 - First upload
 * June 21, 2023 (v1.1) - Updated the integration with Environmental Variables
+* July 29. 2025 (v1.2) - Added support for IAM role authentication - Users can now authenticate using an AWS IAM Role in addition to access key–based authentication.

docs/platform-services/automation-service/app-central/integrations/aws-s3.md

@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/aws.png')} alt="aws" width="50"/>
 
-***Version: 1.2  
-Updated: Jun 28, 2023***
+***Version: 1.3  
+Updated: Jun 29, 2025***
 
 Interact with AWS S3 buckets, objects, and policies.
 
@@ -35,17 +35,20 @@ import IntegrationsAuthAWS from '../../../../reuse/integrations-authentication-a
 import AWSRegions from '../../../../reuse/automation-service/aws/region.md';
 import AWSAccesskey from '../../../../reuse/automation-service/aws/access-key.md';
 import AWSSecret from '../../../../reuse/automation-service/aws/secret.md';
+import AWSIAMRole from '../../../../reuse/automation-service/aws/iam-role.md';
 import IntegrationCertificate from '../../../../reuse/automation-service/integration-certificate.md';
 import IntegrationEngine from '../../../../reuse/automation-service/integration-engine.md';
 import IntegrationLabel from '../../../../reuse/automation-service/integration-label.md';
 import IntegrationProxy from '../../../../reuse/automation-service/integration-proxy.md';
 import IntegrationTimeout from '../../../../reuse/automation-service/integration-timeout.md';
+import IAMConfiguration from '../../../../reuse/automation-service/aws/iam-configuration.md';
 
 <IntegrationsAuth/>
 
 * <IntegrationLabel/>
 * <AWSAccesskey/>
 * <AWSSecret/>
+* <AWSIAMRole/>
 * <AWSRegions/>
 * **URL**. Enter your [Amazon S3 URL](https://docs.aws.amazon.com/general/latest/gr/s3.html), for example, `s3.us-east-1.amazonaws.com`.
 * <IntegrationEngine/>
@@ -55,8 +58,27 @@ import IntegrationTimeout from '../../../../reuse/automation-service/integration
 
 <IntegrationsAuthAWS/>
 
+<IAMConfiguration/>
+
+## Required Permissions
+```
+  s3:GetBucketPolicy
+  s3:ListBucket
+  s3:ListAllMyBuckets
+  s3:GetObject
+  s3:PutObject
+  s3:CreateBucket
+  s3:DeleteBucket
+  s3:DeleteBucketPolicy
+  s3:DeleteObject
+  s3:PutBucketPolicy
+```
+
 ## Change Log
 
 * October 3, 2019 - First upload
 * June 21, 2023 (v1.1) - Updated the integration with Environmental Variables
 * June 28, 2023 (v1.2) - Visibility of the Resource fields changed
+* July 29. 2025 (v1.3) - 
+  * Added IAM Role Support - Users can now authenticate using an AWS IAM Role in addition to access key–based authentication.
+  * Implemented input validation in the *Download File* action.

docs/platform-services/automation-service/app-central/integrations/aws-simple-notification-service.md

@@ -7,8 +7,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/aws.png')} alt="aws" width="50"/>
 
-***Version: 1.2  
-Updated: Jun 15, 2023***
+***Version: 1.3  
+Updated: July 29, 2025***
 
 Amazon Simple Notification Service (SNS) is a pub/sub messaging and mobile notifications service for coordinating the delivery of messages to subscribing endpoints and clients.
 
@@ -28,17 +28,20 @@ import IntegrationsAuthAWS from '../../../../reuse/integrations-authentication-a
 import AWSRegions from '../../../../reuse/automation-service/aws/region.md';
 import AWSAccesskey from '../../../../reuse/automation-service/aws/access-key.md';
 import AWSSecret from '../../../../reuse/automation-service/aws/secret.md';
+import AWSIAMRole from '../../../../reuse/automation-service/aws/iam-role.md';
 import IntegrationCertificate from '../../../../reuse/automation-service/integration-certificate.md';
 import IntegrationEngine from '../../../../reuse/automation-service/integration-engine.md';
 import IntegrationLabel from '../../../../reuse/automation-service/integration-label.md';
 import IntegrationProxy from '../../../../reuse/automation-service/integration-proxy.md';
 import IntegrationTimeout from '../../../../reuse/automation-service/integration-timeout.md';
+import IAMConfiguration from '../../../../reuse/automation-service/aws/iam-configuration.md';
 
 <IntegrationsAuth/>
 
 * <IntegrationLabel/>
 * <AWSAccesskey/>
 * <AWSSecret/>
+* <AWSIAMRole/>
 * <AWSRegions/>
 * <IntegrationTimeout/>
 * <IntegrationCertificate/>
@@ -49,6 +52,8 @@ import IntegrationTimeout from '../../../../reuse/automation-service/integration
 
 <IntegrationsAuthAWS/>
 
+<IAMConfiguration/>
+
 For information about Amazon Simple Notification Service, see [Amazon Simple Notification Service documentation](https://docs.aws.amazon.com/sns/).
 
 ## External Libraries
@@ -61,3 +66,4 @@ For information about Amazon Simple Notification Service, see [Amazon Simple Not
 * March 3, 2023 (v1.1)
 	+ Updated integration Fields Label
 * June 15, 2023 (v1.2) - Updated the integration with Environmental Variables
+* July 29. 2025 (v1.3) - Added IAM Role Support - Users can now authenticate using an AWS IAM Role in addition to access key–based authentication.

docs/platform-services/automation-service/app-central/integrations/aws-sqs.md

@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/aws.png')} alt="aws" width="50"/>
 
-***Version: 1.2  
-Updated: Jun 15, 2023***
+***Version: 1.3  
+Updated: July 29, 2025***
 
 Using the integration with SQS, you can gather current queues, add a new queue, delete and purge existing queues during an active investigation.
 
@@ -31,17 +31,20 @@ import IntegrationsAuthAWS from '../../../../reuse/integrations-authentication-a
 import AWSRegions from '../../../../reuse/automation-service/aws/region.md';
 import AWSAccesskey from '../../../../reuse/automation-service/aws/access-key.md';
 import AWSSecret from '../../../../reuse/automation-service/aws/secret.md';
+import AWSIAMRole from '../../../../reuse/automation-service/aws/iam-role.md';
 import IntegrationCertificate from '../../../../reuse/automation-service/integration-certificate.md';
 import IntegrationEngine from '../../../../reuse/automation-service/integration-engine.md';
 import IntegrationLabel from '../../../../reuse/automation-service/integration-label.md';
 import IntegrationProxy from '../../../../reuse/automation-service/integration-proxy.md';
 import IntegrationTimeout from '../../../../reuse/automation-service/integration-timeout.md';
+import IAMConfiguration from '../../../../reuse/automation-service/aws/iam-configuration.md';
 
 <IntegrationsAuth/>
 
 * <IntegrationLabel/>
 * <AWSAccesskey/>
 * <AWSSecret/>
+* <AWSIAMRole/>
 * <AWSRegions/>
 * <IntegrationEngine/>
 * <IntegrationProxy/>
@@ -50,10 +53,23 @@ import IntegrationTimeout from '../../../../reuse/automation-service/integration
 
 <IntegrationsAuthAWS/>
 
+<IAMConfiguration/>
+
+## Required Permissions
+```
+  sqs:ListQueues
+  sqs:GetQueueUrl
+  sqs:CreateQueue
+  sqs:DeleteQueue
+  sqs:PurgeQueue
+  sqs:SendMessage
+```
+
 For information about AWS SQS, see [SQS documentation](https://docs.aws.amazon.com/sqs/).
 
 ## Change Log
 
 * January 16, 2020 - First upload
 * March 10, 2022 - Logo
 * June 15, 2023 (v1.2) - Updated the integration with Environmental Variables
+* July 29. 2025 (v1.3) - Added support for IAM role authentication - Users can now authenticate using an AWS IAM Role in addition to access key–based authentication.

docs/reuse/automation-service/aws/access-key.md

@@ -1 +1 @@
-**Access Key ID**. Enter an AWS [access key ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) to provide authentication. (Although AWS recommends using IAM roles with temporary security credentials instead of access keys, our AWS integrations currently support only access keys due to the need for dynamically managed credentials.)
+**Access Key ID**. Enter an AWS [access key ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) to provide authentication. (Although AWS recommends using IAM roles with temporary security credentials instead of access keys)

docs/reuse/automation-service/aws/iam-configuration.md

@@ -0,0 +1,27 @@
+### AWS IAM Role-Based Access Guide
+
+To enable AWS IAM Role-based authentication without sharing their Access/Secret keys, follow the steps below.
+
+---
+
+#### Customer-Side Configuration
+
+1. **Create an IAM Role** in AWS account.
+2. **Attach Required Policies** to the role depending on the AWS services they want to allow access to (e.g., `AmazonEC2ReadOnlyAccess`, `AWSWAFFullAccess`, etc.).
+3. **Update the Trust Policy** to allow SUMO's AWS account to assume this role.
+
+   Example Trust Policy:
+   ```json
+   {
+     "Version": "2012-10-17",
+     "Statement": [
+       {
+         "Effect": "Allow",
+         "Principal": {
+           "AWS": "arn:aws:iam::<sumo-account-id>:root"
+         },
+         "Action": "sts:AssumeRole"
+       }
+     ]
+   }
+  ```

docs/reuse/automation-service/aws/iam-role.md

@@ -0,0 +1 @@
+**IAM Role**. Enter an AWS IAM Role ARN to provide authentication.