# Porting IAM roles & permissions from AWS or GCP If you have existing IAM roles and permissions configured in AWS or GCP, you can port them to Foundry. Foundry works with customers to facilitate this directly since the process requires some bespoke work and intermediary systems. {% hint style="success" %} **If you would like to work with us on porting your IAM configuration, contact your account team via Slack or email .** {% endhint %} A high-level overview of the process: 1. **Getting permission data from AWS or GCP**: We'll need to access the user's IAM roles, policies, and permissions from their AWS or GCP accounts.\ For AWS, we can use the AWS SDK or CLI to access IAM information. We'll need to use API calls like list\_roles, get\_role, list\_policies, get\_policy, and get\_policy\_version to collect IAM roles and policies. We may need the user's access key and secret key to authenticate to their account.\ For GCP, we can use the Google Cloud SDK or the REST API to access IAM information. We'll use API methods like projects.getIamPolicy, roles.list, and permissions.queryTestablePermissions to collect roles and permissions. We may need the user's OAuth 2.0 credentials or service account key for authentication. 2. **Mapping AWS/GCP permissions to our application**: Once we have the IAM information, we leverage a mapping system that translates the AWS/GCP roles and permissions into corresponding roles and permissions within our application. 3. **Applying the mapped permissions**: Finally, we'll apply the mapped permissions and roles to the user's account in our application. We'll ensure that the ported IAM roles and permissions appropriately control the user's access and actions in our application. Porting IAM roles and permissions across different platforms may not be perfect, as each platform's access control model is slightly different. We will work with you to thoroughly test and validate the permissions in our application to ensure they're working as expected. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mithril.ai/access-management/porting-iam-roles-and-permissions-from-aws-or-gcp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.