AWS CSPM — Script Configuration

Updated Nov 2, 2023

Configure AWS for Arctic Wolf CSPM using a Terraform script

You can configure Amazon Web Services (AWS)® for Arctic Wolf® Cloud Security Posture Management (CSPM) using a Terraform® script.

Requirements

Steps

  1. Determine the Arctic Wolf AWS account ID.
  2. Create an IAM policy.
  3. Create an IAM user.
  4. Create an access key.
  5. Configure the AWS CLI.
  6. Configure the CSPM Terraform script.
  7. Provide credentials to Arctic Wolf.

Step 1: Determine the Arctic Wolf AWS account ID

  1. Sign in to the Arctic Wolf Portal.
  2. In the CSPM AWS Account ID section, copy the Arctic Wolf AWS Account ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 2: Create an IAM policy

  1. Sign in to the AWS IAM console.

  2. In the Access Management section, click Policies.

  3. Click Create policy.

  4. Select JSON, and then add these values to the Statement array:

        "Statement": [
          {
            "Sid": "CustomPolicyForACGAWSTFCourse",
            "Action": [
            "iam:GetPolicy",
            "iam:GetPolicyVersion",
            "iam:CreatePolicy",
            "iam:CreateRole",
            "iam:TagRole",
            "iam:GetRole",
            "iam:ListRolePolicies",
            "iam:ListAttachedRolePolicies",
            "iam:ListInstanceProfilesForRole",
            "iam:DeleteRole",
            "iam:DeletePolicy",
            "iam:AttachRolePolicy"
            ],
            "Effect": "Allow",
            "Resource": "*"
          }
        ]
  5. Click Next.

  6. Enter details about the policy as needed, such as a description or tags.

  7. Click Create Policy.

Step 3: Create an IAM user

Note: You can use an existing IAM user and attach the policy that you created in Create an IAM policy. However, Arctic Wolf suggests creating a new IAM user to make sure that Terraform has only the permissions needed to configure CSPM.

  1. Sign in to the AWS IAM console.
  2. In the Access Management section, click Users.
  3. Click Add users.
  4. Enter a name for the IAM user.
  5. Click Next.
  6. Select Attach policies directly, and then select the policy that you created in Create an IAM policy.
  7. Click Next.
  8. Click Create user.

Step 4: Create an access key

  1. In the AWS IAM console, click Users.

  2. Click Preferences.

  3. Click the Access key ID toggle to the on position.

  4. Click Confirm.

  5. On the Users page, select the user that you created in Create an IAM user.

  6. Click Security credentials.

  7. In the Access keys section, click Create access key.

  8. Click Command Line Interface (CLI).

  9. Select the I understand the above recommendation and want to proceed to create an access key checkbox.

  10. Click Next.

  11. Enter a description for the access key.

  12. Click Create access key.

  13. Copy the Access key and the Secret access key, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.

    Note: You cannot view the access keys again once you leave this screen.

Step 5: Configure the AWS CLI

  1. In a terminal, run this command to configure the settings that the AWS CLI uses to interact with AWS:
    aws configure
  2. Configure these settings:
    • AWS Access Key ID — Enter your access key ID from Create an access key.
    • AWS Secret Access Key — Enter your secret access key from Create an access key.
    • Default region name — Keep this field empty.
    • Default output format — Keep this field empty.

Step 6: Configure the CSPM Terraform script

For each AWS account that you want CSPM to scan, complete these steps:

  1. Find the folder where you extracted the Arctic Wolf Terraform script.

  2. In a text editor, open the terraform.tfvars file.

  3. Find this line, and then replace 123456789012 with the AWS account ID that will be scanned:

    aws-account-id = "123456789012"
  4. Find this line, and then replace 123456789012 with the Arctic Wolf AWS account ID that you saved in Determine the Arctic Wolf AWS account ID:

    awn-account = "123456789012"
  5. Open a terminal and navigate to the Terraform directory.

  6. Run this command to initialize Terraform:

    terraform init
  7. Run these commands to validate the configuration, review the planned changes, and then apply them:

    terraform validate
    terraform plan
    terraform apply
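After terraform apply finishes, it is worth confirming that the trust role it created can only be assumed by the Arctic Wolf account you entered as awn-account. The following check is an added example, not part of the Arctic Wolf Terraform script: it inspects a role trust policy document (a constructed sample is embedded; in practice you would feed it the output of aws iam get-role --role-name AWNCSPMTrustRole --query Role.AssumeRolePolicyDocument) and reports any principal other than the expected account.

```python
import json

# Added verification helper, not part of the Arctic Wolf Terraform script.
# Pass it the role's trust policy (AssumeRolePolicyDocument) as a dict together
# with the awn-account value from terraform.tfvars.
ROLE_NAME = "AWNCSPMTrustRole"


def _as_list(value):
    """IAM accepts a string or a list in Action/Principal fields; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def check_trust_policy(policy_doc: dict, awn_account: str) -> list:
    """Return findings for a role trust policy; an empty list means only the
    expected Arctic Wolf account can assume the role."""
    findings = []
    trusted_prefix = f"arn:aws:iam::{awn_account}:"
    assume_statements = 0
    for stmt in policy_doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        assume_statements += 1
        principal = stmt.get("Principal", {})
        # A bare "*" principal or {"AWS": "*"} would let any AWS account assume the role.
        aws_principals = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for p in aws_principals:
            if p == "*":
                findings.append("statement allows any AWS principal to assume the role")
            # A bare account ID or any ARN in the expected account is acceptable.
            elif p != awn_account and not p.startswith(trusted_prefix):
                findings.append(f"unexpected trusted principal: {p}")
    if assume_statements == 0:
        findings.append("no sts:AssumeRole statement found")
    return findings


# Constructed sample: the expected Arctic Wolf trust plus a second, unexpected account.
SAMPLE_TRUST_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"AWS": ["arn:aws:iam::123456789012:root",
                                      "arn:aws:iam::999999999999:root"]},
                "Action": "sts:AssumeRole"}]}
""")

if __name__ == "__main__":
    for finding in check_trust_policy(SAMPLE_TRUST_POLICY, "123456789012") or ["trust policy OK"]:
        print(f"{ROLE_NAME}: {finding}")
```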

Step 7: Provide credentials to Arctic Wolf

For each AWS account that you want CSPM to scan, complete these steps:

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Security Posture Management.

  5. In the Cloud Services list, select AWS CSPM.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Account ID — Enter the AWS account number.

    • Role ARN — Enter this line, where <aws_account> is the AWS account number:

      arn:aws:iam::<aws_account>:role/AWNCSPMTrustRole
    • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.

  7. Click Test and submit credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.
