AWS Setup

AWS setup overview

Secberus is completely agentless and uses a read-only API permission to securely access your AWS metadata. In order to create a data source for an AWS account you will need administrative access to the AWS console.

❗️

SETUP ORGANIZATIONS FIRST

Secberus Organizations allow users to segment visibility, posture, teams, and actions in the platform.

Cloud environment data sources can only exist within an Organization, so it is important to make sure you setup your organizational structure first before onboarding cloud environments to those specific Organizations.

Click here to Setup Organizations.

Connecting an AWS account

📘

What to Expect

Connecting an AWS account takes about 5 minutes and requires administrative access to the cloud environment you wish to connect.

1. Use Search to navigate to the IAM dashboard within the AWS Management Console.

2. From the IAM dashboard, in the left-hand navigation bar, under Access management, select Users.

3. Create a user with Add users or select an existing user from the Users list.

4. With the user selected, choose Add permissions from the Add permissions menu.

5. Select Attach policies directly under Permissions options.

6. From the Add permissions screen, type 'SecurityAudit' in the Search bar and check the box next to the SecurityAudit policy.

7. From the same Add permissions screen, type 'AWSCloudTrail_ReadOnlyAccess' in the Search bar and check the box next to AWSCloudTrail_ReadOnlyAccess.

8. With both policies now selected, click the Next button.

9. From the Review screen select Add permissions.

10. You will be returned to the Users screen with a notification that the 2 policies have been added to the User.

📘

s3 Object Permissions

In order to collect s3 objects for your s3 buckets, we need the s3:ListObjects permission. The s3:ListBucket action grants the permission we require. You will need to create a policy with this action and attach it to your Secberus user.

11. From the IAM dashboard, in the left-hand navigation bar, under Access management, select Policies.

12. Select Create policy from the Policies screen.

13. From the Create policy screen, select the JSON tab.

14. Copy the following policy and paste it in the JSON editor:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "*"
        }
    ]
}

15. With the policy in place, click the Next: Tags button.

16. Add any optional tags to the policy and then click the Next: Review button.

17. Name and optionally describe your policy and then click the Create policy button.

18. You will be returned to the Policies screen with a notification that the policy has been created.

📘

Lambda Permissions

In order to collect data for lambda resources, we need specific lambda permissions. The Lambda:List & Lambda:Get action grants the permission we require.

18. From the Policies screen select Create Policy.

19. From the Create policy screen select the JSON tab.

20. In the JSON editor add the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "lambda:ListProvisionedConcurrencyConfigs",
                "lambda:ListFunctionEventInvokeConfigs",
                "lambda:ListFunctions",
                "lambda:ListVersionsByFunction",
                "lambda:GetFunction",
                "lambda:ListAliases",
                "lambda:ListEventSourceMappings",
                "lambda:ListLayerVersions",
                "lambda:ListLayers",
                "lambda:GetCodeSigningConfig",
                "lambda:GetFunctionCodeSigningConfig"
            ],
            "Resource": "*"
        }
    ]
}

21. With the policy in place, click the Next: Tags button.

22. Optionally add tags and click the Next:Review button.

23. Add a Name and optionally a Description and then click the Create policy button.

24. You will be returned to the Policies screen with a notification that the policy has been created.

25. Select the Users item under Access management.

26. Open the user that you have previously given SecurityAudit and AWSCloudTrail_ReadOnlyAccess permissions.

27. Select Add permissions from the Add permissions menu.

28. Select Attach policies directly from the Add permissions screen.

29. Use the Search field to find the s3 and Lambda policies you have just created. Select these policies using their checkboxes and then click the Next button.

30. From the Review screen confirm the policies are correct and then click the Add permissions button.

31. You will be returned to the User screen with confirmation the 2 policies have been added to the user.

32. From the User screen select the Security credentials tab.

33. Scroll down to the Access keys section and select Create access key.

34. Select the Other option from the Access key best practices & alternatives menu and click the Next button.

35. Optionally add a description tag on the Set description tag screen and click the Create access key button.

36. Copy and preserve the Access key and Secret access key from the Retrieve access keys page.

37. Log into Secberus, navigate to Settings, and select the Data sources item.
38. Choose the AWS data source type in the Add new data source section.

39. Populate the Name field, select the appropriate Regions, and choose Using IAM user credentials as the Authentication method. Then copy the credentials you have saved from step 36 into the Access key ID and Secret access key fields.

40. With the credentials in place, click the Connect button to initialize your data source.

👍

CONGRATULATIONS 🎉

You successfully onboarded an AWS account. You can add more AWS accounts, onboard other cloud provider accounts, or apply a policy to this AWS account. Additionally, you can view the connection status once Secberus begins collecting resource data for evaluation.