What permissions are required to scan my AWS environment?

Holm Security Cloud Scanner for Amazon Web Services (AWS)

Cloud Provider Configuration

Create a "Holm Security Cloud Scanner" user with the SecurityAudit policy.

Log into your AWS account as an admin or with permission to create IAM resources.
Navigate to the IAM console.
Click on Users.
Create a new user (Add user).
Set the username to "Holm cloud scanner".
Set the access type to "Programmatic access" and click Next.
Select Attach existing policies directly and select the SecurityAudit policy.
Click Create policy to create a supplemental policy (some permissions are not included in SecurityAudit).

Click the JSON tab and paste the following permission set.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ses:DescribeActiveReceiptRuleSet",
                "athena:GetWorkGroup",
                "logs:DescribeLogGroups",
                "logs:DescribeMetricFilters",
                "elastictranscoder:ListPipelines",
                "elasticfilesystem:DescribeFileSystems",
                "servicequotas:ListServiceQuotas"
            ],
            "Resource": "*"
        }
    ]
}

Click Review policy.
Provide a name (HolmCloudSupplemental) and click Create policy.
Return to the Create user page and attach the newly-created policy. Click Next: tags.
Set tags as needed and click Create user.
Make sure you safely store the Access key ID and Secret access key.
Paste them into the corresponding AWS credentials section of the Security Center cloud scan configuration.
Done!