Amazon Web Services
AWS Source
ThreatKey supports discovery, monitoring, and automatic resolution of security findings for Amazon Web Services accounts.
Connecting
To connect an AWS account, you can either:
- Manually create AWS IAM roles or users with the appropriate permissions.
- Use the CloudFormation-based connection wizard to set up AWS IAM roles.
Roles are recommended
Although the manual connection process allows uploading AWS IAM user access keys, the best practice is to use AWS IAM roles instead: a role is assumed for short-lived credentials, whereas a user's long-lived access keys must be stored and rotated. For readability, the documentation below refers only to roles, but AWS IAM user access keys are supported as well.
Both enrollment flows guide you through the steps to create two AWS IAM roles in your AWS account.
- A read-only role, called ThreatKeyAudit by default. This role is used to evaluate AWS asset details.
- A role with the AdministratorAccess policy, called ThreatKey by default. This role is used to set up both the read-only role and CloudTrail event forwarding.
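The two roles above are cross-account roles, so the part worth getting right before you deploy them is the trust policy: which account may call sts:AssumeRole, and whether it must present an ExternalId. The following is an added example, not ThreatKey's own CloudFormation template. It builds a template with the two role names from this page and then reviews each trust policy for an over-broad principal or a missing ExternalId condition. The vendor account ID (111122223333), the ExternalId value, and the SecurityAudit managed policy used as a stand-in for the read-only permission set are placeholders and assumptions; the AdministratorAccess policy on the fix/setup role is as stated above.

```python
import json

# Role names stated on the page. Everything below them is an assumption made
# for this added example and is not ThreatKey's own configuration.
AUDIT_ROLE_NAME = "ThreatKeyAudit"
FIX_ROLE_NAME = "ThreatKey"
TRUSTED_ACCOUNT_ID = "111122223333"            # placeholder vendor account (assumption)
EXTERNAL_ID = "replace-with-your-external-id"  # placeholder ExternalId (assumption)
# Stand-in for the read-only permission set (assumption); the page names
# AdministratorAccess for the fix/setup role.
AUDIT_POLICY_ARN = "arn:aws:iam::aws:policy/SecurityAudit"
FIX_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def trust_policy(trusted_account_id: str, external_id: str) -> dict:
    """Cross-account trust: only the vendor account may assume the role, and only
    when it presents the agreed ExternalId (guards against the confused deputy)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def role_resource(name: str, policy_arn: str, trusted_account_id: str, external_id: str) -> dict:
    """One AWS::IAM::Role resource with the trust policy and a managed policy attached."""
    return {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "RoleName": name,
            "AssumeRolePolicyDocument": trust_policy(trusted_account_id, external_id),
            "ManagedPolicyArns": [policy_arn],
        },
    }


def build_template(trusted_account_id: str = TRUSTED_ACCOUNT_ID, external_id: str = EXTERNAL_ID) -> dict:
    """CloudFormation template containing the read-only role and the fix/setup role."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Cross-account roles for a security scanner (added example).",
        "Resources": {
            "AuditRole": role_resource(AUDIT_ROLE_NAME, AUDIT_POLICY_ARN, trusted_account_id, external_id),
            "FixRole": role_resource(FIX_ROLE_NAME, FIX_POLICY_ARN, trusted_account_id, external_id),
        },
    }


def trust_policy_findings(policy: dict) -> list:
    """Review a trust policy before deploying it. Returns a list of problems; an
    empty list means every Allow AssumeRole statement names a specific principal
    and carries an sts:ExternalId condition."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        aws_principal = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws_principal == "*" or (isinstance(aws_principal, list) and "*" in aws_principal):
            findings.append(f"statement {idx}: role is assumable by any AWS principal")
        cond = stmt.get("Condition", {})
        has_external_id = any("sts:ExternalId" in v for v in cond.values() if isinstance(v, dict))
        if not has_external_id:
            findings.append(f"statement {idx}: no sts:ExternalId condition (confused-deputy risk)")
    return findings


def template_findings(template: dict) -> dict:
    """Run trust_policy_findings over every IAM role in a template, keyed by logical ID."""
    out = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::IAM::Role":
            out[logical_id] = trust_policy_findings(res["Properties"]["AssumeRolePolicyDocument"])
    return out


if __name__ == "__main__":
    tpl = build_template()
    print(json.dumps(tpl, indent=2))
    print(template_findings(tpl))
```

Run it once to print the template, then feed the JSON to CloudFormation; if the wizard-generated stack differs, run template_findings over that stack's template instead to confirm that neither role is assumable by a wildcard principal and that both require an ExternalId. The AdministratorAccess role in particular warrants this check, since anyone who can assume it has full control of the account.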
Permissions
As of 2021/11/05, the permissions required for the two roles are as follows:
- Read-only role or user
- Fix/Setup role or user