AWS CSPM — Manual Configuration
Updated Nov 29, 2023
Configure AWS for Arctic Wolf CSPM manually
You can manually configure Amazon Web Services (AWS)® for Arctic Wolf® Cloud Security Posture Management (CSPM).
Requirements
- Access to the AWS IAM console
Steps
- Determine the Arctic Wolf AWS account ID.
- Create a new IAM role.
- Create a policy.
- Provide your AWS cloud credentials to Arctic Wolf.
Step 1: Determine the Arctic Wolf AWS account ID
- Sign in to the Arctic Wolf Portal.
- In the CSPM AWS Account ID section, copy the Arctic Wolf AWS Account ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.
Step 2: Create a new IAM role
- Sign in to the AWS IAM console.
- In the navigation menu, click Roles.
- Click Create role.
- Select AWS account.
- Select Another AWS account.
- In the Account ID field, enter the Arctic Wolf AWS account ID from Determine the Arctic Wolf AWS Account ID.
- Click Require external ID.
- In the External ID field, enter your 12-digit AWS account ID.
  Note: Do not select Require MFA.
- Click Next.
- In the search bar, enter SecurityAudit.
- In the search results, select the SecurityAudit policy checkbox.
  This policy includes a minimal set of read-only privileges that are required to perform a security audit of the account.
- Click Next.
- In the Role name field, enter AWNSecurityAuditRole.
  Tip: This is the default role name value that Arctic Wolf looks for.
- (Optional) In the Description field, enter a description for the role.
- Click Create role.
- Click Roles > AWNSecurityAuditRole.
- Copy the Role ARN, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.
Step 3: Create a policy
- Sign in to the AWS IAM console.
- Click Roles > AWNSecurityAuditRole.
- Click Add permissions > Create inline policy.
- Click Choose a Service.
- In the search bar, enter SES.
- Select SES from the search results.
- In the Actions section, in the Specify the actions allowed in SES search bar, enter DescribeActiveReceiptRuleSet.
- In the search results, select the DescribeActiveReceiptRuleSet checkbox.
- Select Add more permissions.
- In the search bar, enter EC2.
- In the search results, select EC2.
- In the Actions section, in the Specify the actions allowed in EC2 search bar, enter GetEbsDefaultKmsKeyId.
- In the search results, select the GetEbsDefaultKmsKeyId checkbox.
  Tip: Depending on your environment settings, you can search for and select other conditions.
- Click Next.
- In the Policy name field, enter a name for your policy.
- Click Create Policy.
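The trust relationship and inline policy that Steps 2 and 3 produce, written out as JSON policy documents, with a check that a role's trust policy (for example, as returned by aws iam get-role) still matches Step 2. This is an added example, not Arctic Wolf code; the account IDs are constructed placeholders and the function names are hypothetical.

```python
# Constructed placeholders, not real account IDs.
VENDOR_ID = "111122223333"    # stands in for the Arctic Wolf AWS account ID (Step 1)
EXTERNAL_ID = "444455556666"  # stands in for your own 12-digit AWS account ID

def expected_trust_policy(vendor_id, external_id):
    """Trust policy produced by 'Another AWS account' plus 'Require external ID'."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{vendor_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

# JSON equivalent of the two actions selected in Step 3.
INLINE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ses:DescribeActiveReceiptRuleSet", "ec2:GetEbsDefaultKmsKeyId"],
    "Resource": "*",
}]}

def audit_trust_policy(policy, vendor_id, external_id):
    """Return findings for a role trust policy; an empty list matches Step 2."""
    allowed = {vendor_id, f"arn:aws:iam::{vendor_id}:root"}
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # single-statement form
    allows = [s for s in stmts if s.get("Effect") == "Allow"]
    findings = [] if allows else ["no Allow statement"]
    for stmt in allows:
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "*" shorthand means anyone
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in [values] if isinstance(values, str) else values:
                if kind != "AWS" or p not in allowed:
                    findings.append(f"unexpected principal {kind}:{p}")
        cond = stmt.get("Condition", {})
        if cond.get("StringEquals", {}).get("sts:ExternalId") != external_id:
            findings.append("external ID condition missing or wrong")
        if any("aws:MultiFactorAuthPresent" in keys for keys in cond.values()):
            findings.append("MFA condition present")
    return findings

# Constructed sample: external ID omitted and MFA required, contrary to Step 2.
BAD = expected_trust_policy(VENDOR_ID, EXTERNAL_ID)
BAD["Statement"][0]["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}

if __name__ == "__main__":
    print(audit_trust_policy(expected_trust_policy(VENDOR_ID, EXTERNAL_ID), VENDOR_ID, EXTERNAL_ID))
    print(audit_trust_policy(BAD, VENDOR_ID, EXTERNAL_ID))
```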
Step 4: Provide your AWS cloud credentials to Arctic Wolf
- Sign in to the Arctic Wolf Unified Portal.
- In the menu bar, click Telemetry Management > Connected Accounts.
- Click Add Account +.
- On the Add Account page, in the Account Type list, select Cloud Security Posture Management.
- In the Cloud Services list, select AWS CSPM.
- On the Add Account page, configure these settings:
- Account Name — Enter a unique and descriptive name for the account.
- Account ID — Enter the AWS account number.
- Role ARN — Enter the role ARN from Create a new IAM role.
- Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
- Click Test and submit credentials.
After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.