AWS CSPM Manual Configuration
Updated Sep 27, 2023
AWS cloud environment scanning
You can manually configure AWS for Arctic Wolf® Cloud Security Posture Management (CSPM). For instructions on how to configure AWS using a Terraform script, see Configuring AWS Cloud Environment Scanning With Terraform.
Configure AWS cloud monitoring
- Determine the Arctic Wolf AWS account ID
- Create a new IAM role
- Create a policy
- Add IAM identity permissions
- Provide credentials to Arctic Wolf
Step 1: Determine the Arctic Wolf AWS account ID
To determine the correct Arctic Wolf AWS account ID needed to create a new Identity and Access Management (IAM) role:
- Open this link to the Arctic Wolf Portal.
- Make note of the AWS Account ID value.
Step 2: Create a new IAM role
- Open the AWS IAM console.
- Click Roles.
- Click Create role to create a new IAM role.
- Click Another AWS account.
- In the Account ID field, paste the Arctic Wolf AWS Account ID from Determine the Arctic Wolf AWS account ID.
- Click Require external ID.
- In the External ID field, enter your 12-digit AWS account ID.
Note: Do not select Require MFA.
- Click Next: Permissions.
- Select SecurityAudit as the Policy.
This policy includes a minimal set of read-only privileges that are required to perform a security audit of the account.
- For the Role name, enter AWNSecurityAuditRole, and enter a description for the role if desired.
Tip: This is the default role name value that Arctic Wolf looks for.
- Click Create role.
- Click Roles > AWNSecurityAuditRole.
- Make note of the provided Role ARN for use in Provide credentials to Arctic Wolf.
Step 3: Create a policy
- Open the AWS IAM console.
- Click Roles > AWNSecurityAuditRole to open the role that you just created.
- Click Add permissions > Create inline policy.
- In the new window, click Choose a Service.
- Type SES in the search bar.
- Select SES from the search results.
- In the Actions section, enter DescribeActiveReceiptRuleSet in the Specify the actions allowed in SES search bar.
- Select the DescribeActiveReceiptRuleSet checkbox from the search results.
- Select Add more permissions.
- Type EC2 in the search bar.
- Select EC2 from the search results.
- In the Actions section, enter GetEbsDefaultKmsKeyId in the Specify the actions allowed in EC2 search bar.
- Select the GetEbsDefaultKmsKeyId checkbox from the search results.
Tip: Depending on your environment settings, you can search for and select other conditions.
- Click Next: Tags > Next: Review.
- Enter a name for your policy, and optionally enter a description.
- Review the change summary and, if you are satisfied, click Create Policy.
Step 4: Add IAM identity permissions
- Open the AWS IAM console.
- Click Roles > AWNSecurityAuditRole to modify the role that you created.
- Below the Summary section, click Attach Policies.
- Under Attach Permissions, select the policy that you created in Create a policy.
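The console clicks in Steps 2 through 4 produce two IAM documents: a trust policy on AWNSecurityAuditRole (the "Another AWS account" principal with a "Require external ID" condition) and a small inline permissions policy carrying the two extra read-only actions. The following Python is an added example, not Arctic Wolf's code or the portal's own check: it builds both documents and runs a sanity check over the trust policy so that you can confirm the external ID condition is present, no wildcard principal slipped in, and no MFA condition was set. The account IDs are constructed placeholders, and the function names (trust_policy, inline_policy, check_trust_policy, check_inline_policy) are this example's own.

```python
"""Build and sanity-check the IAM documents that Steps 2 to 4 create by hand.

Added example, not Arctic Wolf's code. The two account IDs are constructed
placeholders; substitute the value from the Arctic Wolf Portal (Step 1) and
your own account ID before use.
"""
import json
import re

# Constructed placeholders (12-digit account IDs used as sample input).
ARCTIC_WOLF_ACCOUNT_ID = "111111111111"   # value from the Arctic Wolf Portal
YOUR_ACCOUNT_ID = "222222222222"          # your own account ID, used as the External ID
ROLE_NAME = "AWNSecurityAuditRole"        # default role name the page uses
SECURITY_AUDIT_POLICY_ARN = "arn:aws:iam::aws:policy/SecurityAudit"

# The two actions the page adds in the inline policy (Step 3).
EXTRA_ACTIONS = ["ses:DescribeActiveReceiptRuleSet", "ec2:GetEbsDefaultKmsKeyId"]


def trust_policy(partner_account_id, external_id):
    """Trust policy equivalent to 'Another AWS account' + 'Require external ID'.

    The sts:ExternalId condition is what prevents a third party that merely
    knows the role ARN from having the partner assume the role on its behalf
    (the confused-deputy problem). No aws:MultiFactorAuthPresent condition is
    set, matching the note not to select Require MFA.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{partner_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def inline_policy(actions):
    """Read-only inline policy carrying the extra actions from Step 3."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": sorted(actions), "Resource": "*"}],
    }


def check_trust_policy(doc, partner_account_id):
    """Return a list of findings; an empty list means the trust policy is as intended."""
    findings = []
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws_principal = principal.get("AWS", principal) if isinstance(principal, dict) else principal
        principals = aws_principal if isinstance(aws_principal, list) else [aws_principal]
        for p in principals:
            if p == "*":
                findings.append("wildcard principal: any AWS account could assume the role")
            elif partner_account_id not in str(p):
                findings.append(f"unexpected principal {p}")
        cond = stmt.get("Condition", {})
        ext = cond.get("StringEquals", {}).get("sts:ExternalId")
        if not ext:
            findings.append("sts:ExternalId condition missing: Require external ID was not set")
        elif not re.fullmatch(r"\d{12}", str(ext)):
            findings.append("External ID is not a 12-digit account ID as the page requires")
        if "aws:MultiFactorAuthPresent" in json.dumps(cond):
            findings.append("MFA condition present: a cross-account partner cannot satisfy Require MFA")
    return findings


def check_inline_policy(doc, expected_actions):
    """Confirm the inline policy grants exactly the expected actions and no wildcards."""
    findings = []
    granted = set()
    for stmt in doc.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        granted.update(actions)
        if stmt.get("Effect") == "Allow" and any(a.endswith("*") for a in actions):
            findings.append(f"wildcard action in inline policy: {actions}")
    missing = set(expected_actions) - granted
    extra = granted - set(expected_actions)
    if missing:
        findings.append(f"missing actions: {sorted(missing)}")
    if extra:
        findings.append(f"actions beyond the page's list: {sorted(extra)}")
    return findings


if __name__ == "__main__":
    trust = trust_policy(ARCTIC_WOLF_ACCOUNT_ID, YOUR_ACCOUNT_ID)
    perms = inline_policy(EXTRA_ACTIONS)
    print(json.dumps(trust, indent=2))   # save as trust.json
    print(json.dumps(perms, indent=2))   # save as inline.json
    print("trust findings:", check_trust_policy(trust, ARCTIC_WOLF_ACCOUNT_ID))
    print("inline findings:", check_inline_policy(perms, EXTRA_ACTIONS))
```

To apply the two documents from the CLI instead of the console, the equivalent calls are `aws iam create-role --role-name AWNSecurityAuditRole --assume-role-policy-document file://trust.json`, `aws iam attach-role-policy --role-name AWNSecurityAuditRole --policy-arn arn:aws:iam::aws:policy/SecurityAudit`, and `aws iam put-role-policy --role-name AWNSecurityAuditRole --policy-name <your policy name> --policy-document file://inline.json`. To audit a role that was already created by hand, pull its trust policy back with `aws iam get-role --role-name AWNSecurityAuditRole` and pass the `AssumeRolePolicyDocument` object to check_trust_policy.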
Step 5: Provide credentials to Arctic Wolf
- Sign in to the Arctic Wolf Unified Portal.
- In the menu bar, click Telemetry Management > Connected Accounts.
- Click Add Account +.
- On the Add Account page, from the Account Type list, select Cloud Security Posture Management.
- From the list of cloud services, select AWS CSPM.
- On the Add Account page, complete these steps:
  - Account Name — Enter a unique and descriptive name for the account.
  - In the Account ID field, enter the AWS account number.
  - In the Role ARN field, enter the Role ARN value obtained in Create a new IAM role.
  - Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
- Click Test and Submit Credentials.
After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.