Porting IAM roles & permissions from AWS or GCP

If you have existing IAM roles and permissions configured in AWS or GCP, you can port them to Foundry. Foundry works with customers to facilitate this directly since the process requires some bespoke work and intermediary systems.

A high-level overview of the process:

  1. Getting permission data from AWS or GCP: We'll need to access the user's IAM roles, policies, and permissions from their AWS or GCP accounts.

     For AWS, we can use the AWS SDK or CLI to access IAM information. We'll need to use API calls like list_roles, get_role, list_policies, get_policy, and get_policy_version to collect IAM roles and policies. We may need the user's access key and secret key to authenticate to their account.

     For GCP, we can use the Google Cloud SDK or the REST API to access IAM information. We'll use API methods like projects.getIamPolicy, roles.list, and permissions.queryTestablePermissions to collect roles and permissions. We may need the user's OAuth 2.0 credentials or service account key for authentication.

  2. Mapping AWS/GCP permissions to our application: Once we have the IAM information, we leverage a mapping system that translates the AWS/GCP roles and permissions into corresponding roles and permissions within our application.

  3. Applying the mapped permissions: Finally, we'll apply the mapped permissions and roles to the user's account in our application. We'll ensure that the ported IAM roles and permissions appropriately control the user's access and actions in our application.
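
To illustrate the mapping step (item 2) for AWS, here is an added example; it is not Foundry's code. It translates a policy document of the shape returned by get_policy_version and fails closed: anything it cannot translate exactly is held for manual review instead of being granted. The ACTION_MAP table, the application permission names, and the sample policy are hypothetical and constructed for this example.

```python
from fnmatch import fnmatchcase

# Hypothetical mapping table (assumption): AWS action -> application permission.
ACTION_MAP = {
    "s3:GetObject": "storage.read",
    "s3:PutObject": "storage.write",
    "ec2:RunInstances": "compute.launch",
    "ec2:TerminateInstances": "compute.terminate",
}

# Constructed sample, shaped like the Document field returned by get_policy_version.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Read", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
    {"Sid": "Compute", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:RunInstances", "ec2:TerminateInstances", "ec2:*"]},
    {"Sid": "NoTerminate", "Effect": "Deny", "Action": "ec2:Terminate*", "Resource": "*"},
    {"Sid": "Scoped", "Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "Other", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
]}

def _as_list(value):
    # IAM accepts a single string or object wherever a list is allowed.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def map_policy(document):
    """Return (granted permissions, items needing manual review) for one policy."""
    allowed, denied, review = set(), set(), []
    for stmt in _as_list(document.get("Statement")):
        effect = stmt.get("Effect")
        if "NotAction" in stmt or effect not in ("Allow", "Deny"):
            review.append(("unsupported statement", stmt.get("Sid", "")))
            continue
        for pattern in _as_list(stmt.get("Action")):
            # Action names are case-insensitive and may contain * and ? wildcards.
            hits = {perm for action, perm in ACTION_MAP.items()
                    if fnmatchcase(action.lower(), pattern.lower())}
            if effect == "Deny":
                denied |= hits  # applied unscoped, so a Deny can only remove access
            elif "*" in pattern or "?" in pattern:
                review.append(("wildcard allow", pattern))  # never expanded automatically
            elif not hits:
                review.append(("no mapping", pattern))
            elif "Condition" in stmt or _as_list(stmt.get("Resource")) != ["*"]:
                review.append(("scoped allow", pattern))  # scope is not carried over blindly
            else:
                allowed |= hits
    return sorted(allowed - denied), review  # an explicit Deny always wins
```

The review list is the input to the joint testing and validation described below: each entry is a permission that has no exact equivalent and needs a decision by a person.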

Porting IAM roles and permissions across different platforms may not be perfect, as each platform's access control model is slightly different. We will work with you to thoroughly test and validate the permissions in our application to ensure they're working as expected.