AWS CSPM — Manual Configuration

Updated Nov 29, 2023

Configure AWS for Arctic Wolf CSPM manually

You can manually configure Amazon Web Services (AWS)® for Arctic Wolf® Cloud Security Posture Management (CSPM).

Requirements

Steps

  1. Determine the Arctic Wolf AWS account ID.
  2. Create a new IAM role.
  3. Create a policy.
  4. Provide your AWS cloud credentials to Arctic Wolf.

Step 1: Determine the Arctic Wolf AWS account ID

  1. Sign in to the Arctic Wolf Portal.
  2. In the CSPM AWS Account ID section, copy the Arctic Wolf AWS Account ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 2: Create a new IAM role

  1. Sign in to the AWS IAM console.

  2. In the navigation menu, click Roles.

  3. Click Create role.

  4. Select AWS account.

  5. Select Another AWS account.

  6. In the Account ID field, enter the Arctic Wolf AWS account ID from Step 1: Determine the Arctic Wolf AWS account ID.

  7. Click Require external ID.

  8. In the External ID field, enter your 12-digit AWS account ID.

    Note: Do not select Require MFA.

  9. Click Next.

  10. In the search bar, enter SecurityAudit.

  11. In the search results, select the SecurityAudit policy checkbox.

    This policy includes a minimal set of read-only privileges that are required to perform a security audit of the account.

  12. Click Next.

  13. In the Role name field, enter AWNSecurityAuditRole.

    Tip: This is the default role name value that Arctic Wolf looks for.

  14. (Optional) In the Description field, enter a description for the role.

  15. Click Create role.

  16. Click Roles > AWNSecurityAuditRole.

  17. Copy the Role ARN, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 3: Create a policy

  1. Sign in to the AWS IAM console.

  2. Click Roles > AWNSecurityAuditRole.

  3. Click Add permissions > Create inline policy.

  4. Click Choose a Service.

  5. In the search bar, enter SES.

  6. Select SES from the search results.

  7. In the Actions section, in the Specify the actions allowed in SES search bar, enter DescribeActiveReceiptRuleSet.

  8. In the search results, select the DescribeActiveReceiptRuleSet checkbox.

  9. Select Add more permissions.

  10. In the search bar, enter EC2.

  11. In the search results, select EC2.

  12. In the Actions section, in the Specify the actions allowed in EC2 search bar, enter GetEbsDefaultKmsKeyId.

  13. In the search results, select the GetEbsDefaultKmsKeyId checkbox.

    Tip: Depending on your environment settings, you can search for and select other conditions.

  14. Click Next.

  15. In the Policy name field, enter a name for your policy.

  16. Click Create Policy.
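
To confirm that Steps 2 and 3 produced what the procedure describes, you can audit the role's trust policy and inline policy documents. The following is an added example, not Arctic Wolf or AWS code: the function names, the sample documents and both account IDs are constructed placeholders.

```python
import json

# Constructed sample documents; both account IDs are placeholders, not real values.
VENDOR_ACCOUNT_ID = "111111111111"    # stands in for the Arctic Wolf AWS account ID (Step 1)
CUSTOMER_ACCOUNT_ID = "222222222222"  # stands in for your 12-digit AWS account ID
EXPECTED_ACTIONS = {"ses:describeactivereceiptruleset", "ec2:getebsdefaultkmskeyid"}

SAMPLE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "222222222222"}}}]}""")
SAMPLE_INLINE = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["ses:DescribeActiveReceiptRuleSet", "ec2:GetEbsDefaultKmsKeyId"],
  "Resource": "*"}]}""")

def _as_list(value):
    """IAM JSON allows a scalar or a list in most positions; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]

def audit_trust_policy(doc, vendor_id, external_id):
    """Return findings for a role trust policy; an empty list means it matches Step 2."""
    findings = []
    allowed = {vendor_id, f"arn:aws:iam::{vendor_id}:root"}
    statements = [s for s in _as_list(doc.get("Statement")) if s.get("Effect") == "Allow"]
    if not statements:
        findings.append("no Allow statement in trust policy")
    for stmt in statements:
        principal = stmt.get("Principal")
        values = principal.values() if isinstance(principal, dict) else [principal]
        principals = [p for v in values for p in _as_list(v)]
        if not principals or set(principals) - allowed:
            findings.append("principal is not limited to the vendor account")
        cond = stmt.get("Condition", {})
        if _as_list(cond.get("StringEquals", {}).get("sts:ExternalId")) != [external_id]:
            findings.append("sts:ExternalId condition missing or wrong")
        if any("aws:MultiFactorAuthPresent" in keys for keys in cond.values()):
            findings.append("MFA condition present; Step 2 says not to require MFA")
    return findings

def audit_inline_policy(doc):
    """Return allowed actions that fall outside the two actions selected in Step 3."""
    granted = set()
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") == "Allow":
            granted |= {a.lower() for a in _as_list(stmt.get("Action"))}
    return sorted(granted - EXPECTED_ACTIONS)
```

To check a live role, pass in `Role.AssumeRolePolicyDocument` from `aws iam get-role` and `PolicyDocument` from `aws iam get-role-policy`. If you added other actions under the Tip in step 13, extend `EXPECTED_ACTIONS` to match.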

Step 4: Provide your AWS cloud credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Security Posture Management.

  5. In the Cloud Services list, select AWS CSPM.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.
    • Account ID — Enter the AWS account number.
    • Role ARN — Enter the role ARN from Step 2: Create a new IAM role.
    • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.

  7. Click Test and submit credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.
