AWS CSPM Manual Configuration

Updated Sep 27, 2023

AWS cloud environment scanning

You can manually configure AWS for Arctic Wolf® Cloud Security Posture Management (CSPM). For instructions on how to configure AWS using a Terraform script, see Configuring AWS Cloud Environment Scanning With Terraform.

Configure AWS cloud monitoring

  1. Determine the Arctic Wolf AWS account ID
  2. Create a new IAM role
  3. Create a policy
  4. Add IAM identity permissions
  5. Provide credentials to Arctic Wolf

Step 1: Determine the Arctic Wolf AWS account ID

To determine the correct Arctic Wolf AWS account ID needed to create a new Identity and Access Management (IAM) role:

  1. Open this link to the Arctic Wolf Portal.
  2. Make note of the AWS Account ID value.

Step 2: Create a new IAM role

  1. Open the AWS IAM console.

  2. Click Roles.

  3. Click Create role to create a new IAM role.

  4. Click Another AWS account.

  5. In the Account ID field, copy and paste the Arctic Wolf AWS Account ID from Determine the Arctic Wolf AWS account ID.

  6. Click Require external ID.

  7. In the External ID field, enter your 12-digit AWS account ID.

    Note: Do not select Require MFA.

  8. Click Next: Permissions.

  9. Select SecurityAudit as the Policy.

    This policy includes a minimal set of read-only privileges that are required to perform a security audit of the account.

  10. For the Role name, enter AWNSecurityAuditRole, and enter a description for the role if desired.

    Tip: This is the default role name value that Arctic Wolf looks for.

  11. Click Create role.

  12. Click Roles > AWNSecurityAuditRole.

  13. Make note of the provided Role ARN for use in Provide credentials to Arctic Wolf.

Step 3: Create a policy

  1. Open the AWS IAM console.

  2. Click Roles > AWNSecurityAuditRole to open the role that you just created.

  3. Click Add permissions > Create inline policy.

  4. In the new window, click Choose a Service.

  5. Type SES in the search bar.

  6. Select SES from the search results.

  7. In the Actions section, enter DescribeActiveReceiptRuleSet in the Specify the actions allowed in SES search bar.

  8. Select the DescribeActiveReceiptRuleSet checkbox from the search results.

  9. Select Add more permissions.

  10. Type EC2 in the search bar.

  11. Select EC2 from the search results.

  12. In the Actions section, enter GetEbsDefaultKmsKeyId in the Specify the actions allowed in EC2 search bar.

  13. Select the GetEbsDefaultKmsKeyId checkbox from the search results.

    Tip: Depending on your environment settings, you can search for and select other conditions.

  14. Click Next: Tags > Next: Review.

  15. Enter a name for your policy, and optionally enter a description.

  16. Review the change summary and, if you are satisfied, click Create Policy.

Step 4: Add IAM identity permissions

  1. Open the AWS IAM console.
  2. Click Roles > AWNSecurityAuditRole to modify the role that you created.
  3. Below the Summary section, click Attach Policies.
  4. Under Attach Permissions, select the policy that you created in Create a policy.
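
The trust relationship from Step 2 and the inline policy from Step 3 correspond to the JSON documents below, together with a check that a role's trust policy still matches what Step 2 describes. This is an added example, not Arctic Wolf's code: the account IDs are constructed placeholders, the function names are hypothetical, and the SecurityAudit managed policy is not covered.

```python
# Constructed placeholders: substitute the value from Step 1 and your own account ID.
ARCTIC_WOLF_ACCOUNT_ID = "111111111111"   # placeholder, not the real Arctic Wolf ID
CUSTOMER_ACCOUNT_ID = "222222222222"      # placeholder; used as the External ID

def build_trust_policy(trusted_account_id, external_id):
    """Trust policy equivalent to Step 2: another AWS account plus a required external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def build_inline_policy():
    """Inline policy equivalent to Step 3: the two additional read-only actions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["ses:DescribeActiveReceiptRuleSet", "ec2:GetEbsDefaultKmsKeyId"],
            "Resource": "*",
        }],
    }

def audit_trust_policy(policy, trusted_account_id, external_id):
    """Return deviations from the Step 2 configuration (an empty list means it matches)."""
    findings = []
    expected = {f"arn:aws:iam::{trusted_account_id}:root", trusted_account_id}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principals = stmt.get("Principal", {})
        values = [principals] if isinstance(principals, str) else list(principals.values())
        for p in (x for v in values for x in ([v] if isinstance(v, str) else v)):
            if p not in expected:
                findings.append(f"unexpected principal: {p}")
        cond = stmt.get("Condition", {})
        if cond.get("StringEquals", {}).get("sts:ExternalId") != external_id:
            findings.append("missing or wrong sts:ExternalId condition")
        if any("aws:MultiFactorAuthPresent" in v for v in cond.values()):
            findings.append("MFA condition present (Step 2 says not to require MFA)")
    return findings

if __name__ == "__main__":
    trust = build_trust_policy(ARCTIC_WOLF_ACCOUNT_ID, CUSTOMER_ACCOUNT_ID)
    print(audit_trust_policy(trust, ARCTIC_WOLF_ACCOUNT_ID, CUSTOMER_ACCOUNT_ID))
```

To audit a live role, pass the `AssumeRolePolicyDocument` of AWNSecurityAuditRole to `audit_trust_policy` in place of the generated policy.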

Step 5: Provide credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, from the Account Type list, select Cloud Security Posture Management.

  5. From the list of cloud services, select AWS CSPM.

  6. On the Add Account page, complete these steps:

    • Account Name — Enter a unique and descriptive name for the account.
    • In the Account ID field, enter the AWS account number.
    • In the Role ARN field, enter the Role ARN value obtained in Create a new IAM role.
    • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
  7. Click Test and Submit Credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.
