The Client Credentials authentication method is recommended only if creating an IAM role is not possible or the scope of the assessment is a single AWS account. This method ensures that the app has the required permissions to securely access your AWS resources without storing any credentials.
To get started, first create a new AWS policy and attach it to a user. The user can be a new IAM user (Part B.1) or an existing IAM user (Part B.2). Both methods are explained below.
Part A: Create an AWS Assessment Policy
Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/policies
Step 2: Click on Create Policy
Step 3: Choose the JSON option
Step 4: Replace the contents with the Lucidity-provided permissions that match your environment configuration, then click Next:
If SSM is not already enabled across most of your EC2 instances, use the Standard Permissions Policy, which allows the Assessment Tool to enable and manage SSM temporarily. All changes are reverted after the assessment.
If SSM is already enabled on at least 40% of your EC2 instances, use the Essential Permissions Policy, which is read-only and makes no IAM or SSM setup changes.
Step 5: Provide a name to identify this policy, for example “Lucidity-Assessment-role”, and click ‘Create Policy’.
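Before pasting a policy in Step 4, it helps to confirm which tier the JSON actually is. The following is an added example, not Lucidity's code or policy: it scans a policy document for Allow grants beyond read access, and both the read-only prefix list and the sample policy are constructed assumptions.

```python
import json

# Action-name prefixes treated as read-only (a heuristic assumed by this example).
READ_PREFIXES = ("get", "list", "describe", "batchget", "search", "lookup")

# Constructed sample, NOT Lucidity's policy: one read-only statement and one
# statement that changes IAM and runs SSM commands.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadInventory", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:DescribeVolumes",
                "ssm:DescribeInstanceInformation", "cloudwatch:GetMetricData"]},
    {"Sid": "ManageSsm", "Effect": "Allow", "Resource": "*",
     "Action": ["iam:CreateRole", "iam:AttachRolePolicy", "ssm:SendCommand"]}
  ]
}
"""

def _as_list(value):
    # IAM accepts a single string/object wherever it accepts a list.
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (sid, action, reason) for each Allow grant beyond read access."""
    findings = []
    statements = _as_list(json.loads(policy_json)["Statement"])
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction", "allows all but the listed actions"))
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*" or name == "*":
                findings.append((sid, action, "wildcard grants every action"))
            elif not name.lower().startswith(READ_PREFIXES):
                kind = "IAM change" if service.lower() == "iam" else "write action"
                findings.append((sid, action, kind))
    return findings

if __name__ == "__main__":
    for sid, action, reason in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {action} -> {reason}")
```

An empty result means no mutating action names were found; read-prefixed actions can still return sensitive data, so review those by hand as well.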
Part B.1: Create a new IAM user and attach the created policy
Use this option if you do not want to use an existing IAM user.
Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/users
Step 2: Click on ‘Add Users’
Step 3: Provide a user name and click Next.
Step 4: Select ‘Attach Policy Directly’ and search for the policy that was previously created. Click Next.
Step 5: Click ‘Create User’ to create a new user.
Thus, you have created a new user and attached the policy to this user.
Part B.2: Attach Policy to Existing User
You can also attach the policy to an existing user. To do this:
Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/users
Step 2: Search for the required user and select it.
Step 3: Select Add permissions from the drop-down menu.
Step 4: Select Attach policies directly. Search for the previously created policy (Lucidity-Assessment-role), then click Next.
Step 5: Click on Add permissions
This will attach the policy to an existing user.
Part C: Create Access ID and Secret Key
Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/users
Step 2: Select the user (New or Existing).
Step 3: Choose the Security Credentials tab and choose Create Access key
Step 4: Select “Application Running Outside AWS” and click Next
Step 5: Provide a tag value for the access key.
Step 6: Copy the access key and secret access key. These two values will be required to run the Assessment.
Part D: Running Assessment Using the Assessment App
Step 1: Enter the Client ID and Client secret key to connect to your AWS account. Also select the region for which you want to run the Assessment. Click on ‘Initiate Assessment’ to trigger the Assessment process.
Note
If you want to review the permissions which are required to run the Assessment, you may do so by clicking on the ‘Review Policy’ button.
Step 2: Once the authentication is successful, the app will download some dependencies in order to run the tool.
Step 3: After this, the Assessment of the selected environment will start. This process may take anywhere from 90 to 120 minutes.
Step 4: After the details have been fetched, the Assessment process will start. You can click on the ‘Refresh’ button to view the status of the Assessment. By default, the status will auto-refresh every 30 seconds.
Step 5: Once all the VMs have been processed, the Assessment report will be created. You can check the details in the report which will be located in the downloads folder. Clicking on the ‘Upload’ button will upload the report to the Lucidity server. The insights from the Assessment will be made available on the Lucidity Assessment Dashboard once the report has been processed.
Note
Currently, the max file size that can be uploaded automatically via the app is 1000 MB. If the size of the zip file that has been generated is greater than 1000 MB, please reach out to us and we will share a secure S3 location where the file can be uploaded.
Step 6: The preliminary results from the Assessment can be viewed on the Assessment dashboard itself. More detailed insights will be presented once the Lucidity team has done further analysis on the report.