  1. Sign up to Tamnoon
  2. Click on Settings → Integrations. Select Security Hub

  3. Copy the Account ID and the external ID shown on the screen. You will need them in the steps below.

  4. Log in to your AWS console (aws.amazon.com)
  5. Go to IAM → Roles → Create Role by clicking the following link
  6. Under Trust Entity Type, select AWS Account

  7. Under the “An AWS account” section, select “Another AWS Account” and enter the Account ID recorded in step 3
  8. In Options, select Require external ID and enter the external ID recorded in step 3

  9. Click on the ‘Next’ button at the bottom of the page
  10. Search for the “AWSSecurityHubReadOnlyAccess” policy, select it, and click “Next”

  11. Set the role name to TamnoonSecurityHubFetchRole and click on ‘Create Role’ at the bottom of the page

  12. In the search box, look for the ‘Role name’ you set in the previous step, and click on it.
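
The role created in the steps above trusts a single external account and requires an external ID. The Python sketch below is an added example (not Tamnoon's or AWS's own code) that builds the equivalent trust policy and audits a role's trust policy document against it; the account ID and external ID are constructed placeholders, and the function names are hypothetical.

```python
# Constructed placeholders; substitute the values copied in step 3.
SAMPLE_ACCOUNT_ID = "111122223333"
SAMPLE_EXTERNAL_ID = "example-external-id"


def build_trust_policy(account_id, external_id):
    """Trust policy matching the console choices: another account + external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, account_id, external_id):
    """Return findings for a trust policy; an empty list means it matches."""
    findings = []
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement: the role cannot be assumed")
    for n, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # e.g. "*" trusts every account
            findings.append(f"statement {n}: principal {principal!r} is not restricted")
            continue
        extra = sorted(set(principal) - {"AWS"})
        if extra:
            findings.append(f"statement {n}: unexpected principal types {extra}")
        for arn in _as_list(principal.get("AWS", [])):
            if arn not in allowed:
                findings.append(f"statement {n}: unexpected principal {arn}")
        # Condition keys are case-insensitive; only StringEquals is accepted here.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        equals = {k.lower(): v for k, v in equals.items()}
        if _as_list(equals.get("sts:externalid", [])) != [external_id]:
            findings.append(f"statement {n}: sts:ExternalId is missing or does not match")
    return findings


if __name__ == "__main__":
    weak = build_trust_policy(SAMPLE_ACCOUNT_ID, SAMPLE_EXTERNAL_ID)
    del weak["Statement"][0]["Condition"]  # role created without "Require external ID"
    print(audit_trust_policy(weak, SAMPLE_ACCOUNT_ID, SAMPLE_EXTERNAL_ID))
```

The trust policy JSON to audit can be copied from the role's trust relationships view in the IAM console and loaded with `json.loads`.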