AWS Setup
This page explains how to set up and onboard an AWS account on Secberus.
AWS setup overview
Secberus is completely agentless and uses read-only API permissions to access your AWS metadata. To create a data source for an AWS account you will need administrative access to the AWS console, since the steps below create an IAM user, two customer managed policies, and an access key.
SET UP ORGANIZATIONS FIRST
Secberus Organizations allow users to segment visibility, posture, teams, and actions in the platform.
Cloud environment data sources can only exist within an Organization, so set up your organizational structure before onboarding cloud environments into those Organizations.
Click here to Set up Organizations.
Connecting an AWS account
What to Expect
Connecting an AWS account takes about 5 minutes and requires administrative access to the cloud environment you wish to connect.
- Use Search to navigate to the IAM dashboard within the AWS Management Console.

Navigate to the IAM dashboard within the AWS Management Console
- From the IAM dashboard, in the left-hand navigation bar, under Access management, select Users.

From the 'IAM dashboard' select the 'Users' item under 'Access Management'
- Create a dedicated user with Add users, or select an existing user from the Users list. A dedicated user is preferable, because its access key can then be rotated or revoked without affecting anything else.

Create or Select a User for the Secberus Platform
- With the user selected, choose Add permissions from the Add permissions menu.

Select 'Add permissions' for the User
- Select Attach policies directly under Permissions options.

Select 'Attach policies directly' under 'Permissions options'
- From the Add permissions screen, type 'SecurityAudit' in the Search bar and check the box next to the SecurityAudit policy.

Find and select the 'SecurityAudit' policy
- From the same Add permissions screen, type 'AWSCloudTrail_ReadOnlyAccess' in the Search bar and check the box next to AWSCloudTrail_ReadOnlyAccess.

Find and select the 'AWSCloudTrail_ReadOnlyAccess' policy
- With both policies now selected, click the Next button.

Click 'Next'
- From the Review screen select Add permissions.

Click 'Add permissions'
- You will be returned to the Users screen with a notification that the 2 policies have been added to the User.

Observe that 2 policies have been added to the User
S3 Object Permissions
To collect the objects in your S3 buckets, Secberus calls the S3 ListObjects API. The IAM action that authorizes that call is s3:ListBucket (there is no separate s3:ListObjects IAM action), so you will need to create a policy with this action and attach it to your Secberus user. s3:ListBucket returns object keys and metadata only; it does not include s3:GetObject, so object contents stay unreadable to the Secberus user.
- From the IAM dashboard, in the left-hand navigation bar, under Access management, select Policies.

Select 'Policies' under 'Access management'
- Select Create policy from the Policies screen.

Select 'Create policy'
- From the Create policy screen, select the JSON tab.

Select 'JSON'
- Copy the following policy and paste it in the JSON editor. "Resource": "*" lets the user list every bucket in the account; if you narrow it to specific bucket ARNs (arn:aws:s3:::bucket-name), buckets left off the list will not be collected:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "*"
        }
    ]
}
```
- With the policy in place, click the Next: Tags button.

Select 'Next: Tags'
- Add any optional tags to the policy and then click the Next: Review button.

Select 'Next: Review'
- Name and optionally describe your policy and then click the Create policy button.

Select 'Create policy'
- You will be returned to the Policies screen with a notification that the policy has been created.

Observe that the s3 policy has been created
Lambda Permissions
To collect data for Lambda resources, Secberus needs the lambda:List* and lambda:Get* actions enumerated in the policy below, and nothing that invokes or modifies functions. Note that lambda:GetFunction returns a pre-signed URL for the function's deployment package, so this policy does let the Secberus user download function code. Create a policy with these actions and attach it to your Secberus user.
- From the Policies screen select Create Policy.

Select 'Create Policy'
- From the Create policy screen select the JSON tab.

Select 'JSON'
- In the JSON editor add the following policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "lambda:ListProvisionedConcurrencyConfigs",
                "lambda:ListFunctionEventInvokeConfigs",
                "lambda:ListFunctions",
                "lambda:ListVersionsByFunction",
                "lambda:GetFunction",
                "lambda:ListAliases",
                "lambda:ListEventSourceMappings",
                "lambda:ListLayerVersions",
                "lambda:ListLayers",
                "lambda:GetCodeSigningConfig",
                "lambda:GetFunctionCodeSigningConfig"
            ],
            "Resource": "*"
        }
    ]
}
```
- With the policy in place, click the Next: Tags button.

Select 'Next: Tags'
- Optionally add tags and click the Next: Review button.

Select 'Next: Review'
- Add a Name and optionally a Description and then click the Create policy button.

Select 'Create policy'
- You will be returned to the Policies screen with a notification that the policy has been created.

Observe that the Lambda policy has been created
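Before attaching the two custom policies, it is worth checking mechanically that they grant only read-style actions, and seeing what "Resource": "*" actually covers. The following Python is an added example for this page, not Secberus or AWS code: it embeds the two policy documents shown above, lints every Allow action against a read-only verb allowlist (Get, List, Describe, which is this example's own assumption), answers "does this policy grant action X" with IAM-style wildcard matching, and shows how the S3 policy is narrowed to named bucket ARNs. The bucket names and policy names are illustrative.

```python
"""Least-privilege lint for the two custom policies on this page.

Added example for this page (not Secberus or AWS code). The two policy
documents are copied from the page; the read-only verb allowlist and the
bucket-scoping helper are this example's own assumptions.
"""
import json
from fnmatch import fnmatchcase

# The S3 and Lambda policy documents from this page, verbatim.
S3_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": "s3:ListBucket", "Resource": "*"}
    ],
}

LAMBDA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": [
             "lambda:ListProvisionedConcurrencyConfigs",
             "lambda:ListFunctionEventInvokeConfigs",
             "lambda:ListFunctions",
             "lambda:ListVersionsByFunction",
             "lambda:GetFunction",
             "lambda:ListAliases",
             "lambda:ListEventSourceMappings",
             "lambda:ListLayerVersions",
             "lambda:ListLayers",
             "lambda:GetCodeSigningConfig",
             "lambda:GetFunctionCodeSigningConfig",
         ],
         "Resource": "*"}
    ],
}

# Verbs accepted as read-only for a CSPM collector (assumption). "Read-only"
# is not "harmless": lambda:GetFunction returns a pre-signed URL for the
# deployment package, so the holder can download function code.
READ_ONLY_VERBS = ("Get", "List", "Describe")


def allowed_actions(policy):
    """Flatten the Action field of every Allow statement into one list."""
    actions = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # NotAction allows everything except the list; never acceptable here.
            raise ValueError(f"statement {stmt.get('Sid')!r} uses NotAction")
        act = stmt["Action"]
        actions.extend([act] if isinstance(act, str) else act)
    return actions


def non_read_only_actions(policy):
    """Return the actions that are not provably read-only.

    Any wildcard counts as a failure: "lambda:*" or "s3:Get*" grows to cover
    actions that do not exist yet, so it cannot be reviewed once.
    """
    bad = []
    for action in allowed_actions(policy):
        service, _, verb = action.partition(":")
        if not service or not verb or "*" in action or "?" in action:
            bad.append(action)
        elif not verb.startswith(READ_ONLY_VERBS):
            bad.append(action)
    return bad


def grants(policy, action):
    """True if any Allow action pattern in the policy matches `action`.

    IAM action matching is case-insensitive and supports * and ?, which
    fnmatch reproduces for action names (they never contain brackets).
    """
    return any(fnmatchcase(action.lower(), pat.lower())
               for pat in allowed_actions(policy))


def wildcard_resource_sids(policy):
    """Sids of statements that apply to every resource in the account."""
    return [s.get("Sid") for s in policy["Statement"]
            if s.get("Resource") in ("*", ["*"])]


def scope_s3_policy(bucket_names):
    """Tighten the page's S3 policy to named buckets.

    s3:ListBucket is a bucket-level action, so the resource is the bucket
    ARN itself (arn:aws:s3:::name), not arn:aws:s3:::name/*. Buckets left
    off the list will not be collected.
    """
    scoped = json.loads(json.dumps(S3_POLICY))  # deep copy
    scoped["Statement"][0]["Resource"] = [f"arn:aws:s3:::{b}" for b in bucket_names]
    return scoped


if __name__ == "__main__":
    for name, policy in (("s3", S3_POLICY), ("lambda", LAMBDA_POLICY)):
        print(name, "non-read-only:", non_read_only_actions(policy),
              "wildcard resources:", wildcard_resource_sids(policy))
    print("object bodies readable:", grants(S3_POLICY, "s3:GetObject"))
    print(json.dumps(scope_s3_policy(["logs-prod", "config-archive"]), indent=2))
```

Run it directly to print the lint results for both policies. Two things the output makes concrete: neither policy contains a wildcard action or anything outside Get/List, and the S3 policy, while read-only, applies to every bucket until its Resource is scoped. The same lint can be pointed at any other policy document you are about to attach to this user.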
- Select the Users item under Access management.

Select 'Users' under 'Access management'
- Open the user to which you previously attached the SecurityAudit and AWSCloudTrail_ReadOnlyAccess policies.

Select the Secberus platform user
- Select Add permissions from the Add permissions menu.

Select 'Add permissions'
- Select Attach policies directly from the Add permissions screen.

Select 'Attach policies directly'
- Use the Search field to find the S3 and Lambda policies you have just created. Select these policies using their checkboxes and then click the Next button.

Select the s3 and Lambda policies and click 'Next'
- From the Review screen confirm the policies are correct and then click the Add permissions button.

Select 'Add permissions'
- You will be returned to the User screen with confirmation the 2 policies have been added to the user.

Observe the s3 and Lambda policies have been added
- From the User screen select the Security credentials tab.

Select 'Security credentials'
- Scroll down to the Access keys section and select Create access key.

Select 'Create access key'
- Select the Other option from the Access key best practices & alternatives menu and click the Next button.

Select 'Other' and click the 'Next' button
- Optionally add a description tag on the Set description tag screen and click the Create access key button.

Click 'Create access key'
- Copy and preserve the Access key and Secret access key from the Retrieve access keys page. The secret access key is shown only on this page; if it is lost you must create a new key. Store both values in a secrets manager rather than in email or chat, and delete the key from IAM if you later disconnect the data source.

- Log into Secberus, navigate to Settings, and select the Data sources item.
- Choose the AWS data source type in the Add new data source section.

- Populate the Name field, select the appropriate Regions, and choose Using IAM user credentials as the Authentication method. Then copy the Access key and Secret access key you saved when creating the access key into the Access key ID and Secret access key fields.

- With the credentials in place, click the Connect button to initialize your data source.
CONGRATULATIONS 🎉
You successfully onboarded an AWS account. You can add more AWS accounts, onboard other cloud provider accounts, or apply a policy to this AWS account. Additionally, you can view the connection status once Secberus begins collecting resource data for evaluation.
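Once the data source is connected, the IAM side of this setup tends to drift: someone attaches an extra policy to the user, or a second access key gets created and the old one is never deleted. The following Python is an added example for this page, not Secberus or AWS code, that re-checks the user against what this page actually calls for: exactly the four attached managed policies, no inline policies, and a single active access key that is not older than a rotation window. The custom policy names, the user name "secberus", the 90-day window, and the sample IAM data are this example's assumptions; the check functions are pure and run offline on the constructed sample, while live() needs boto3 and IAM read permissions.

```python
"""Post-onboarding checks for the Secberus IAM user.

Added example for this page (not Secberus or AWS code). SecurityAudit and
AWSCloudTrail_ReadOnlyAccess come from the page; the two custom policy
names, the user name, the 90-day key age limit and the sample data are
assumptions. The check_* functions are pure and run offline; live() needs
boto3 and iam:List* permissions on the caller.
"""
from datetime import datetime, timedelta, timezone

# Exactly the policies this page attaches; anything else is over-privilege.
REQUIRED_POLICIES = frozenset({
    "SecurityAudit",
    "AWSCloudTrail_ReadOnlyAccess",
    "SecberusS3ListBucket",    # assumed name of the custom S3 policy
    "SecberusLambdaReadOnly",  # assumed name of the custom Lambda policy
})
MAX_KEY_AGE = timedelta(days=90)  # assumed rotation window


def check_attached_policies(attached_names, required=REQUIRED_POLICIES):
    """Return (missing, unexpected) managed policy names, both sorted."""
    attached = set(attached_names)
    return sorted(required - attached), sorted(attached - required)


def check_inline_policies(inline_names):
    """The page attaches managed policies only; inline ones are drift."""
    return [f"inline policy {n!r} present; only managed policies are expected"
            for n in inline_names]


def check_access_keys(keys, now, max_age=MAX_KEY_AGE):
    """keys: entries shaped like IAM ListAccessKeys AccessKeyMetadata."""
    findings = []
    active = [k for k in keys if k["Status"] == "Active"]
    if len(active) > 1:
        findings.append("more than one active access key; Secberus needs exactly one")
    if not active:
        findings.append("no active access key; the data source cannot authenticate")
    for k in active:
        age = now - k["CreateDate"]
        if age > max_age:
            findings.append(f"{k['AccessKeyId']} is {age.days} days old; rotate it")
    return findings


def run_checks(attached, inline, keys, now):
    """Combine all checks into one list of human-readable findings."""
    missing, unexpected = check_attached_policies(attached)
    findings = [f"missing policy {p}" for p in missing]
    findings += [f"unexpected policy {p}" for p in unexpected]
    findings += check_inline_policies(inline)
    findings += check_access_keys(keys, now)
    return findings


# Constructed sample (not real account data): one custom policy missing,
# AdministratorAccess attached by mistake, and a stale second key still active.
SAMPLE_ATTACHED = ["SecurityAudit", "AWSCloudTrail_ReadOnlyAccess",
                   "SecberusS3ListBucket", "AdministratorAccess"]
SAMPLE_INLINE = []
SAMPLE_KEYS = [
    {"AccessKeyId": "AKIAEXAMPLE00000001", "Status": "Active",
     "CreateDate": datetime(2023, 1, 10, tzinfo=timezone.utc)},
    {"AccessKeyId": "AKIAEXAMPLE00000002", "Status": "Active",
     "CreateDate": datetime(2023, 12, 1, tzinfo=timezone.utc)},
]
SAMPLE_NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)


def live(user_name="secberus"):
    """Run the same checks against IAM (assumes the user has fewer than 100
    policies and keys, so a single unpaginated call per list suffices)."""
    import boto3  # imported here so the offline checks do not need it
    iam = boto3.client("iam")
    attached = [p["PolicyName"] for p in
                iam.list_attached_user_policies(UserName=user_name)["AttachedPolicies"]]
    inline = iam.list_user_policies(UserName=user_name)["PolicyNames"]
    keys = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    return run_checks(attached, inline, keys, datetime.now(timezone.utc))


if __name__ == "__main__":
    for line in run_checks(SAMPLE_ATTACHED, SAMPLE_INLINE, SAMPLE_KEYS, SAMPLE_NOW):
        print(line)
```

Run as-is to see the findings for the constructed sample; call live() from a session with IAM read access to check the real user. A clean run returns an empty list, which is the state you want to record as the baseline for this data source.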