Configuring AWS Cloud Environment Scanning

Configuration Guide

Overview

This document describes how to configure scanning for your Amazon Web Services (AWS) cloud environment configurations. Cloud scans are part of your Cloud Security Posture Management (CSPM).

Note: You are only able to configure cloud scanning if you are either an Arctic Wolf® Managed Risk customer, or you are both a Managed Risk and a Managed Detection and Response customer.

You need to create a role in your AWS account and then provide the appropriate information on the Arctic Wolf Portal.

Determining the Arctic Wolf AWS account ID

To determine the correct Arctic Wolf AWS account ID needed to create a new IAM role:

  1. Open this link to the Arctic Wolf Portal. You are prompted to sign in.

  2. Make note of the AWS Account ID value.

  3. Proceed to Creating a new IAM role.

Creating a new IAM role

To create a role:

  1. Navigate to the AWS Identity and Access Management (IAM) console.

  2. Select Roles, and then select Create role to create a new IAM role.

  3. Select Another AWS account.

  4. Copy and paste the Arctic Wolf AWS Account ID from the Arctic Wolf Portal into the Account ID field, and then select Require external ID.

    Tip: See Determining the Arctic Wolf AWS Account ID for instructions.

  5. Enter your 12-digit AWS account ID in the External ID text box, and then click Next: Permissions.

    Note: Do not select Require MFA.

  6. Select SecurityAudit as the Policy.

    Tip: This policy includes a minimal set of read-only privileges that are required to perform a security audit of the account.

  7. Enter AWNSecurityAuditRole for the Role name, and enter a description for the role if desired.

    Tip: This is the default value which Arctic Wolf looks for as the role name.

  8. Click Create role.

  9. Click Roles > AWNSecurityAuditRole to open the role, and make note of the provided Role ARN to use when Providing credentials to Arctic Wolf.
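
A way to confirm that the role's trust policy matches steps 3 to 5 above. This is an added example, not Arctic Wolf's code; the account IDs are constructed placeholders, and the policy shape assumed is the one the IAM console generates for a cross-account role with an external ID.

```python
import re

ACCOUNT_RE = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::root)?$")

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, vendor_account_id, own_account_id):
    """Return findings; an empty list means the trust policy matches the guide."""
    allows = [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]
    if len(allows) != 1:
        return [f"expected one Allow statement, found {len(allows)}"]
    stmt, findings = allows[0], []
    if _as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
        findings.append("Action should be sts:AssumeRole only")
    # Step 4: the only trusted principal is the account ID shown in the Portal.
    principal = stmt.get("Principal")
    if isinstance(principal, dict) and set(principal) == {"AWS"}:
        trusted = _as_list(principal["AWS"])
    else:
        trusted = [principal]
    accounts = [m.group(1) if (m := ACCOUNT_RE.match(str(p))) else p for p in trusted]
    if accounts != [vendor_account_id]:
        findings.append(f"Principal should be only account {vendor_account_id}")
    # Flatten {operator: {key: value}}; condition keys are case-insensitive.
    conds = {(op, key.lower()): val
             for op, block in (stmt.get("Condition") or {}).items()
             for key, val in block.items()}
    # Step 5: external ID is your own 12-digit account ID, and MFA is not required.
    if _as_list(conds.get(("StringEquals", "sts:externalid"))) != [own_account_id]:
        findings.append("missing StringEquals sts:ExternalId equal to your account ID")
    if any(key == "aws:multifactorauthpresent" for _, key in conds):
        findings.append("MFA condition present; the guide says not to require MFA")
    return findings

# Constructed sample values: the real vendor ID comes from the Arctic Wolf Portal.
VENDOR, OWN = "111111111111", "222222222222"
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": OWN}}}]}
BAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_trust_policy(doc, VENDOR, OWN) or "OK")
```

Against a live account, the document to check is the role's AssumeRolePolicyDocument, for example as returned by `aws iam get-role --role-name AWNSecurityAuditRole`.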

Creating a policy

To create a policy:

  1. If you have not already done so, click Roles > AWNSecurityAuditRole to open the role that you just created.

  2. Below the Summary section, select Attach Policies.

  3. Under Attach Permissions, select Create policy. This opens a new window.

  4. Select Choose a Service, and then type SES in the search bar.

  5. Select SES from the search results.

  6. In the Actions section, enter DescribeActiveReceiptRuleSet in the Specify the actions allowed in SES search bar.

  7. Select the DescribeActiveReceiptRuleSet checkbox from the search results.

    Tip: Depending on your environment settings, you can search for and select other conditions, as desired.

  8. Select Next:Tags > Next:Review.

  9. Enter a name for your policy, and optionally enter a description.

  10. Review the summary of changes, and, if you are satisfied, select Create Policy.

Providing credentials to Arctic Wolf

To submit your credentials on the Arctic Wolf Portal:

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

  3. Select +Add Account to open the Add Account form.

  4. Select Cloud Security Posture Management as the Account Type.

  5. Select AWS, and then fill in the form:

    1. Enter an Account Name.

    2. Enter your AWS Account ID.

    3. Provide the Role ARN value from Creating a new IAM role.

  6. Select Submit to CST.

  7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

  8. Verify that the newly submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team adds this account to your scan configuration, the status of your credentials changes to Connected.