AWS Account Credentials

Updated Sep 27, 2023

AWS account credentials

Arctic Wolf® uses your Amazon Web Services® (AWS) credentials to monitor your AWS accounts for suspicious or malicious activity. See AWS Permissions Granted to Arctic Wolf for more information on what Arctic Wolf monitors in your AWS account.

An AWS account number is a 12-digit ID that provides unique identification to an AWS account. To monitor your accounts, you must provide your AWS account numbers to your Concierge Security® Team (CST).

To implement monitoring of your AWS accounts, you must have access to these portals:

Note: This is a required AWS configuration for Arctic Wolf to monitor AWS accounts. See Configure AWS Account Monitoring for all configuration steps.

Once you provide your account numbers to your CST on the Arctic Wolf Portal, they will confirm that your AWS accounts are authorized to send data. After confirmation, you can configure your AWS accounts to send CloudTrail events to the Arctic Wolf infrastructure. Arctic Wolf monitors these CloudTrail events to detect and respond to threats.

Multiple AWS accounts

If you have multiple AWS accounts that you want Arctic Wolf to monitor:

Provide AWS account credentials to Arctic Wolf

Repeat these procedures for each AWS account that you want Arctic Wolf to monitor. For more information on monitoring multiple accounts, see Multiple AWS accounts.

  1. Obtain your AWS account number.
  2. Provide credentials to Arctic Wolf

Step 1: Obtain your AWS account number

  1. Sign in to the AWS Management console.

  2. In the menu bar, click Support > Support Center.

  3. Locate your Account Number.

    AWS Management console with the account number visible

  4. Copy the Account Number value, and then paste it in a temporary text file.

Step 2: Provide credentials to Arctic Wolf

Repeat these steps for each AWS account that you must configure:

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, from the Account Type list, select Cloud Detection and Response.

  5. From the list of cloud services, select AWS.

  6. On the Add Account page, complete these steps:

    1. Account Name — Enter a unique and descriptive name for the account.
    2. In the Account ID field, enter the AWS account number.
    3. Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
  7. Click Test and Submit Credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.

After you register each AWS account ID, you can begin configuring your AWS accounts to send security-related information to Arctic Wolf.

Next steps

Proceed to Configure AWS CloudTrail Event Monitoring to configure your AWS account and send CloudTrail events to Arctic Wolf.

Tip: See Configure AWS Account Monitoring for required and optional AWS configurations.