AWS CSPM — Script Configuration
Updated Nov 2, 2023
Configure AWS for Arctic Wolf CSPM using a Terraform script
You can configure Amazon Web Services (AWS)® for Arctic Wolf® Cloud Security Posture Management (CSPM) using a Terraform® script.
Requirements
- A valid Arctic Wolf Managed Risk license
- These tools, which are automatically configured during installation:
  - Terraform binary version 1.3.7 or newer
    Tip: Run terraform version to verify your existing Terraform version.
  - AWS CLI
  - CSPM AWS Terraform script
Steps
- Determine the Arctic Wolf AWS account ID.
- Create an IAM policy.
- Create an IAM user.
- Create an access key.
- Configure the AWS CLI.
- Configure the CSPM Terraform script.
- Provide credentials to Arctic Wolf.
Step 1: Determine the Arctic Wolf AWS account ID
- Sign in to the Arctic Wolf Portal.
- In the CSPM AWS Account ID section, copy the Arctic Wolf AWS Account ID, and then save it in a safe, encrypted location. You will enter it in the terraform.tfvars file in Configure the CSPM Terraform script.
Step 2: Create an IAM policy
- Sign in to the AWS IAM console.
- In the Access Management section, click Policies.
- Click Create policy.
- Select JSON, and then add these values to the Statement array:
"Statement": [
  {
    "Sid": "CustomPolicyForACGAWSTFCourse",
    "Action": [
      "iam:GetPolicy",
      "iam:GetPolicyVersion",
      "iam:CreatePolicy",
      "iam:CreateRole",
      "iam:TagRole",
      "iam:GetRole",
      "iam:ListRolePolicies",
      "iam:ListAttachedRolePolicies",
      "iam:ListInstanceProfilesForRole",
      "iam:DeleteRole",
      "iam:DeletePolicy",
      "iam:AttachRolePolicy"
    ],
    "Effect": "Allow",
    "Resource": "*"
  }
]
- Click Next.
- Enter details about the policy as needed, for example a description or tags.
- Click Create policy.
Note: This statement allows iam:CreateRole and iam:AttachRolePolicy on every resource ("*"), so any principal that holds it can create roles with arbitrary permissions. Attach it only to the dedicated IAM user described in Create an IAM user, and deactivate or delete that user's access key once the Terraform run is complete. The statement also omits iam:DetachRolePolicy, so a later terraform destroy that removes the role's policy attachment fails with AccessDenied unless you add that action first.
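To see why the page insists on a dedicated user for this policy, here is an added example (not Arctic Wolf code) that embeds the Step 2 statement and audits it: it lists the actions that can change what other principals are allowed to do while scoped to Resource "*", and the actions a later terraform destroy would need that the statement does not grant. The set of escalation-capable actions and the assumption that the script attaches its policy as a managed-policy attachment (implied by iam:AttachRolePolicy) are the author's, not the page's.

```python
"""Audit the IAM policy from Step 2 before attaching it to the Terraform user.

Added example, not Arctic Wolf code. It embeds the policy statement shown on
the page and reports (a) which actions in it can change what other principals
may do while scoped to Resource "*", and (b) which actions a teardown would
need that the statement omits.
"""
import json

# The Step 2 statement as written on the page (Sid included), wrapped in a full
# policy document so it can be saved and pasted into the console JSON editor.
TERRAFORM_USER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CustomPolicyForACGAWSTFCourse",
            "Action": [
                "iam:GetPolicy",
                "iam:GetPolicyVersion",
                "iam:CreatePolicy",
                "iam:CreateRole",
                "iam:TagRole",
                "iam:GetRole",
                "iam:ListRolePolicies",
                "iam:ListAttachedRolePolicies",
                "iam:ListInstanceProfilesForRole",
                "iam:DeleteRole",
                "iam:DeletePolicy",
                "iam:AttachRolePolicy",
            ],
            "Effect": "Allow",
            "Resource": "*",
        }
    ],
}

# IAM write actions that let the holder grant permissions to itself or to a new
# principal. On Resource "*" they are a privilege-escalation path, which is why the
# page recommends a dedicated user that carries nothing but this policy.
ESCALATION_ACTIONS = {
    "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:AttachGroupPolicy",
    "iam:PutRolePolicy", "iam:PutUserPolicy", "iam:PutGroupPolicy",
    "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:CreateRole", "iam:UpdateAssumeRolePolicy", "iam:PassRole",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
}

# Calls Terraform makes when it destroys a managed-policy attachment plus the role
# and policy it created. Assumption: the script attaches its policy with a
# managed-policy attachment, which is what iam:AttachRolePolicy implies.
TEARDOWN_ACTIONS = {"iam:DetachRolePolicy", "iam:DeleteRole", "iam:DeletePolicy"}


def _as_list(value):
    """IAM allows a single string/object or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def allowed_actions(policy):
    """All actions granted by Allow statements, regardless of resource scope."""
    actions = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action")))
    return actions


def wildcard_escalation_actions(policy):
    """Escalation-capable actions that an Allow statement grants on Resource '*'."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource")):
            continue
        for action in _as_list(stmt.get("Action")):
            if action in ESCALATION_ACTIONS or action in ("iam:*", "*"):
                found.add(action)
    return found


def missing_teardown_actions(policy):
    """Teardown actions that 'terraform destroy' would need but the policy lacks."""
    return TEARDOWN_ACTIONS - allowed_actions(policy)


def write_policy_file(path, policy=TERRAFORM_USER_POLICY):
    """Save the document so it can be pasted into the console or passed to the CLI."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(policy, fh, indent=2)
    return path


if __name__ == "__main__":
    print("escalation-capable on '*':", sorted(wildcard_escalation_actions(TERRAFORM_USER_POLICY)))
    print("missing for destroy:", sorted(missing_teardown_actions(TERRAFORM_USER_POLICY)))
```

Run it once before Step 3: the first line tells you what a leaked key for this user could do, which is the argument for deactivating the key as soon as terraform apply has finished.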
Step 3: Create an IAM user
Note: You can use an existing IAM user and attach the policy that you created in Create an IAM policy. However, Arctic Wolf suggests creating a new IAM user to make sure that Terraform has only the permissions needed to configure CSPM.
- Sign in to the AWS IAM console.
- In the Access Management section, click Users.
- Click Add users.
- Enter a name for the IAM user.
- Click Next.
- Select Attach policies directly, and then select the policy that you created in Create an IAM policy.
- Click Next.
- Click Create user.
Step 4: Create an access key
- In the AWS IAM console, click Users.
- Click Preferences, switch the Access key ID toggle on, and then click Confirm, so that the Access key ID column appears in the Users table.
- On the Users page, select the user that you created in Create an IAM user.
- Click Security credentials.
- In the Access keys section, click Create access key.
- Click Command Line Interface (CLI).
- Select the I understand the above recommendation and want to proceed to create an access key checkbox.
- Click Next.
- Enter a description for the access key.
- Click Create access key.
- Copy the Access key and the Secret access key, and then save them in a safe, encrypted location. You will enter them in Configure the AWS CLI.
Note: You cannot view the access keys again once you leave this screen.
Step 5: Configure the AWS CLI
- In a terminal, run this command to configure the settings that the AWS CLI uses to interact with AWS:
aws configure
- Configure these settings:
  - AWS Access Key ID — Enter your access key ID from Create an access key.
  - AWS Secret Access Key — Enter your secret access key from Create an access key.
  - Default region name — Keep this field empty.
  - Default output format — Keep this field empty.
Note: aws configure writes the key pair in plaintext to the ~/.aws/credentials file on this machine. Remove that entry, and deactivate the access key in IAM, when the Terraform run is complete.
Step 6: Configure the CSPM Terraform script
For each AWS account that you want CSPM to scan, complete these steps:
- Find the folder where you extracted the Arctic Wolf Terraform script.
- In a text editor, open the terraform.tfvars file.
- Find this line, and then replace 123456789012 with the ID of the AWS account that will be scanned:
aws-account-id = "123456789012"
- Find this line, and then replace 123456789012 with the Arctic Wolf AWS account ID from Determine the Arctic Wolf AWS account ID:
awn-account = "123456789012"
- Open a terminal and navigate to the Terraform directory.
- Run this command to initialize Terraform and download the providers the script needs:
terraform init
- Run these commands in order. terraform validate checks the configuration for errors, terraform plan shows the resources that will be created (review it before continuing), and terraform apply creates them after you confirm the plan:
terraform validate
terraform plan
terraform apply
Step 7: Provide credentials to Arctic Wolf
For each AWS account that you want CSPM to scan, complete these steps:
- Sign in to the Arctic Wolf Unified Portal.
- In the menu bar, click Telemetry Management > Connected Accounts.
- Click Add Account +.
- On the Add Account page, in the Account Type list, select Cloud Security Posture Management.
- In the Cloud Services list, select AWS CSPM.
- On the Add Account page, configure these settings:
  - Account Name — Enter a unique and descriptive name for the account.
  - Account ID — Enter the AWS account number.
  - Role ARN — Enter this line, where <aws_account> is the AWS account number:
arn:aws:iam::<aws_account>:role/AWNCSPMTrustRole
  - Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
- Click Test and submit credentials.
After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.
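The following is an added example (not Arctic Wolf code) that ties Step 6 and Step 7 together: it validates the two account IDs before they go into terraform.tfvars, renders that file with the variable names from Step 6, derives the Role ARN that Step 7 asks for, and checks a role trust policy so that AWNCSPMTrustRole can be assumed from the Arctic Wolf account and from nowhere else. The trust policy embedded below is a constructed sample, and 999999999999 stands in for the Arctic Wolf AWS account ID; the real document is whatever the Terraform script created, which you can fetch with `aws iam get-role --role-name AWNCSPMTrustRole --query Role.AssumeRolePolicyDocument` and pass to the same check.

```python
"""Check the Step 6 inputs and the Step 7 role before submitting the ARN.

Added example, not Arctic Wolf code. Validates the account IDs, renders
terraform.tfvars, derives the Role ARN for Step 7 and verifies that a role
trust policy only lets the Arctic Wolf account call sts:AssumeRole.
"""
import re

ROLE_NAME = "AWNCSPMTrustRole"          # role name from Step 7 of the page
_ACCOUNT_ID = re.compile(r"\d{12}")
_ARN_ACCOUNT = re.compile(r"^arn:aws:iam::(\d{12}):")


def validate_account_id(value, label):
    """AWS account IDs are exactly 12 digits; a typo here silently breaks the trust."""
    if not isinstance(value, str) or not _ACCOUNT_ID.fullmatch(value):
        raise ValueError(f"{label} must be a 12-digit AWS account ID, got {value!r}")
    return value


def render_tfvars(scanned_account, awn_account):
    """Content of terraform.tfvars, using the variable names from Step 6."""
    return (
        f'aws-account-id = "{validate_account_id(scanned_account, "aws-account-id")}"\n'
        f'awn-account = "{validate_account_id(awn_account, "awn-account")}"\n'
    )


def role_arn(scanned_account):
    """The Role ARN entered in Step 7 for the scanned account."""
    acct = validate_account_id(scanned_account, "aws-account-id")
    return f"arn:aws:iam::{acct}:role/{ROLE_NAME}"


def _as_list(value):
    """IAM allows a single string/object or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _aws_principal_accounts(principal):
    """Account IDs named by a Principal's AWS element ('*' if it trusts everyone).

    Service and Federated principals are not accounts and are ignored here.
    """
    if principal == "*":
        return {"*"}
    accounts = set()
    for entry in _as_list(principal.get("AWS")) if isinstance(principal, dict) else []:
        if entry == "*":
            accounts.add("*")
        else:
            match = _ARN_ACCOUNT.match(entry)
            accounts.add(match.group(1) if match else entry)  # bare account-ID form
    return accounts


def assume_role_principals(trust_policy):
    """Accounts (or '*') that an Allow statement lets call sts:AssumeRole."""
    trusted = set()
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(stmt.get("Action"))):
            continue
        trusted |= _aws_principal_accounts(stmt.get("Principal", {}))
    return trusted


def trust_is_scoped_to(trust_policy, awn_account):
    """True only if the Arctic Wolf account, and nothing else, can assume the role."""
    return assume_role_principals(trust_policy) == {validate_account_id(awn_account, "awn-account")}


# Constructed sample of a correctly scoped trust policy; 999999999999 stands in
# for the Arctic Wolf AWS account ID copied in Step 1.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
            "Action": "sts:AssumeRole",
        }
    ],
}

if __name__ == "__main__":
    print(render_tfvars("123456789012", "999999999999"), end="")
    print(role_arn("123456789012"))
    print("trust scoped to Arctic Wolf only:", trust_is_scoped_to(SAMPLE_TRUST_POLICY, "999999999999"))
```

If trust_is_scoped_to returns False for the real role, either the awn-account value in terraform.tfvars was wrong or the role was modified after apply; fix that before clicking Test and submit credentials, because an over-broad trust policy lets any listed account read the posture data the role exposes.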
Next steps
- Complete Enable Terraform debugging.
See also
- Complete Configure AWS for Arctic Wolf CSPM.