Creating A Role
In your AWS console, go to the IAM service
In the left-side menu, choose “Roles”
Choose “Create Role”
Under “select type of trusted entity”, choose “Another AWS account”
In the Account ID field, enter the account number 104338399232 and click “Next: Permissions”
In the policy table, search for securityhub, select the AWSSecurityHubReadOnlyAccess policy, then click “Next: Tags”
Add any tags required by your practices and click next
Add a role name and click next
In the roles table, find the role you just created and click it
From the summary screen, copy the Role ARN and paste it above in the relevant field
For extra security, go to the “Trust relationships” tab and click “edit trust relationships”
In the window that opens, change arn:aws:iam::104338399232:root to arn:aws:iam::104338399232:role/seemplicity_collector, then update the trust policy
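The last two steps narrow the trust policy from the whole 104338399232 account to the single seemplicity_collector role. The following check is an added example, not part of the original instructions or of Seemplicity's tooling; it audits a trust policy document (as exported from the “Trust relationships” tab) and reports any principal other than that role. The function names and the sample policies are constructed for illustration.

```python
# Values taken from the steps above.
COLLECTOR_ACCOUNT = "104338399232"
COLLECTOR_ROLE_ARN = f"arn:aws:iam::{COLLECTOR_ACCOUNT}:role/seemplicity_collector"


def _as_list(value):
    """IAM accepts either a single item or a list for these fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_arn=COLLECTOR_ROLE_ARN):
    """Return findings; an empty list means only expected_arn may assume the role."""
    findings, trusted = [], []
    for stmt in _as_list(policy.get("Statement")):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append("wildcard principal")
            continue
        for arn in _as_list((principal or {}).get("AWS")):
            trusted.append(arn)
            # A bare account ID is equivalent to that account's :root ARN.
            if arn == "*":
                findings.append("wildcard principal")
            elif arn.endswith(":root") or arn.isdigit():
                findings.append(f"account-wide trust: {arn}")
            elif arn != expected_arn:
                findings.append(f"unexpected principal: {arn}")
    if expected_arn not in trusted:
        findings.append(f"collector role not trusted: {expected_arn}")
    return findings


def trust_policy(principal_arn):
    """Build a constructed sample trust policy document for the given principal(s)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
        }],
    }


if __name__ == "__main__":
    for arn in (f"arn:aws:iam::{COLLECTOR_ACCOUNT}:root", COLLECTOR_ROLE_ARN):
        print(arn, "->", audit_trust_policy(trust_policy(arn)) or "OK")
```
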
Collection Instance Details
Name: <Friendly name for this collection instance>
AWS Account #: <The account # to collect from>
Role Name: <Name of the role to assume in the collected account>
Regions: <Comma-separated list of AWS regions to collect from>