AWS CSPM — CLI Configuration

Updated Jan 26, 2024

Configure AWS for Arctic Wolf CSPM using CLI

You can configure Amazon Web Services (AWS)® for Arctic Wolf® Cloud Security Posture Management (CSPM) using CLI.

Requirements

Steps

  1. Determine the Arctic Wolf AWS account ID.
  2. Create the AWS roles and policies.
  3. Provide your AWS credentials to Arctic Wolf.

Step 1: Determine the Arctic Wolf AWS account ID

  1. Sign in to the Arctic Wolf Unified Portal.
  2. Click > Allowlist Requirements.
  3. In the Cloud Infrastructure Scans section, in the AWS row, copy the Account ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 2: Create the AWS roles and policies

  1. Run this command to create the AWN Custom Policy:

    aws iam create-policy --policy-name AWNCustomPolicy --policy-document '{
      "Version": "2012-10-17",
      "Statement": [ {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [ "ses:DescribeActiveReceiptRuleSet", "ec2:GetEbsDefaultKmsKeyId" ],
        "Resource": "*"
      } ]
    }'
  2. Run this command to create the AWN Security Audit Role:

    aws iam create-role --role-name AWNSecurityAuditRole --assume-role-policy-document '{
      "Version": "2012-10-17",
      "Statement": [ {
        "Effect": "Allow",
        "Principal": { "AWS": "arn:aws:iam::<AWaccount_id>:root" },
        "Action": "sts:AssumeRole",
        "Condition": { "StringEquals": { "sts:ExternalId": "<your_account_id>" } }
      } ]
    }'

Where:

  3. Run this command to get the ARN of the AWN Custom Policy:

    custom_role_policy_arn=$(aws iam list-policies --query "Policies[?PolicyName=='AWNCustomPolicy'].Arn" --output text)
  4. Run this command to get the ARN of the Security Audit Policy:

    audit_role_policy_arn=$(aws iam list-policies --query "Policies[?PolicyName=='SecurityAudit'].Arn" --output text)
  5. Run these commands to attach policies to the AWN Security Audit Role:

    aws iam attach-role-policy --role-name AWNSecurityAuditRole --policy-arn "$custom_role_policy_arn"
    aws iam attach-role-policy --role-name AWNSecurityAuditRole --policy-arn "$audit_role_policy_arn"
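
The following is an added example, not part of the Arctic Wolf documentation: a Python check that a role trust policy like the one created in this step allows only sts:AssumeRole, only from the trusted account, and only with the expected sts:ExternalId. The function names are hypothetical, and the account IDs are constructed placeholders.

```python
import json

def as_list(value):
    """IAM accepts either a single string or a list for these fields."""
    return [value] if isinstance(value, str) else list(value)

def audit_trust_policy(policy, trusted_account, external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings = []
    # A bare account ID as principal is equivalent to that account's root ARN.
    allowed = {f"arn:aws:iam::{trusted_account}:root", trusted_account}
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for n, stmt in enumerate(allows):
        if as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append(f"statement {n}: action is not exactly sts:AssumeRole")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"statement {n}: principal is not AWS-only")
        else:
            aws = set(as_list(principal["AWS"]))
            if not aws or not aws <= allowed:
                findings.append(f"statement {n}: principal outside trusted account")
        # Exact-match check on the condition that the create-role command sets.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if as_list(cond.get("sts:ExternalId", [])) != [external_id]:
            findings.append(f"statement {n}: sts:ExternalId missing or wrong")
    return findings

# Constructed sample values: 111111111111 stands in for the Arctic Wolf
# account ID, 222222222222 for your own account ID.
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"}, "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "222222222222"}}}]}""")
# Constructed weak variant: wildcard principal and no ExternalId condition.
BAD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, audit_trust_policy(doc, "111111111111", "222222222222"))
```

To check the live role, load the JSON printed by `aws iam get-role --role-name AWNSecurityAuditRole --query Role.AssumeRolePolicyDocument` in place of the sample documents.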

Step 3: Provide your AWS credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Security Posture Management.

  5. In the Cloud Service list, select AWS CSPM.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Account ID — Enter the AWS account number.

    • Role ARN — Enter the role ARN from Create a new IAM role.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  7. Click Test and submit credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.