Configuring AWS Cloud Environment Configuration Scanning

Configuration Guide

Overview

This document describes how to configure scanning for your Amazon Web Services (AWS) cloud environment configurations. Cloud scans are part of your Cloud Security Posture Management (CSPM).

Note: You are only able to configure cloud scanning if you are either an Arctic Wolf® Managed Risk customer, or you are both a Managed Risk and a Managed Detection and Response customer.

You need to create a role in your AWS account and then provide the appropriate information on the Arctic Wolf Portal.

Determining the Arctic Wolf AWS account ID

To determine the correct Arctic Wolf AWS account ID needed to create a new IAM role:

  1. Open this link to the Arctic Wolf Portal. You are prompted to sign in.

  2. Make note of the AWS Account ID value.

  3. Proceed to Creating a new IAM role.

Creating a new IAM role

To create a role:

  1. Navigate to the AWS Identity and Access Management (IAM) console.

  2. Select Roles, and then select Create role to create a new IAM role.

  3. Select Another AWS account.

  4. Copy and paste the Arctic Wolf AWS Account ID from the Arctic Wolf Portal in to the Account ID field, and then select Require external ID.

    Tip: See Determining the Arctic Wolf AWS Account ID for instructions.

  5. Enter your 12-digit AWS account ID in the External ID text box, and then click Next: Permissions.

    Note: Do not select Require MFA.

  6. Select SecurityAudit as the Policy.

    Tip: This policy includes a minimal set of read-only privileges that are required to perform a security audit of the account.

  7. Enter AWNSecurityAuditRole for the Role name, and enter a description for the role if desired.

    Tip: This is the default value which Arctic Wolf looks for as the role name.

  8. Click Create role.

  9. Click AWNSecurityAuditRole to open the role, and make note of the provided Role ARN to use when Providing credentials to Arctic Wolf.

Providing credentials to Arctic Wolf

To submit your credentials on the Arctic Wolf Portal:

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

    Connected Accounts menu

  3. Select + Add Account to open the Add Account form.

  4. Select Cloud Security Posture Management as the Account Type.

  5. Select AWS, and then fill in the form:

    1. Enter an Account Name.

    2. Enter your AWS Account ID.

    3. Provide the Role ARN value from Creating a new IAM role.

  6. Click Submit to CST.

  7. When prompted with the confirmation message, review your submission and then click Done. This returns you to the Connected Accounts page.

  8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the status of your AWS credentials changes to Connected.