Amazon Web Services

Strengthen the security of your Amazon Web Services (AWS) environment with ThreatKey's AWS integration. This feature enables proactive detection of misconfigurations and security risks, providing comprehensive protection for your cloud-based operations. It also comes equipped with a robust mechanism for managing and tracking remediation efforts, ensuring quick and effective resolution of any identified security threats.

Key features

Security risk identification

Using advanced analytics, ThreatKey's AWS integration identifies potential security risks and misconfigurations within your AWS environment. This early detection capability facilitates timely intervention and mitigation, securing your cloud-based operations.

Remediation management

The AWS integration includes a comprehensive remediation management feature. This tool streamlines the management and tracking of your remediation efforts, leading to swift and efficient resolution of identified security risks.

Reporting and analytics

Get a deeper understanding of your AWS environment's security posture with detailed reporting and analytics. These insights inform strategic decisions, assist in compliance efforts, and promote continuous improvement in security practices.

Installation and setup

Setting up ThreatKey's AWS integration is straightforward. Begin by connecting your AWS account with ThreatKey on the integration page within the ThreatKey platform. Follow the step-by-step setup process to boost the security of your AWS environment.

Connecting

To connect an AWS account, you can either:

  • Manually create AWS IAM roles with the appropriate permissions.
  • Use the CloudFormation-based connection wizard to set up AWS IAM roles. (Link to CloudFormation template)

Both enrollment flows guide you through the steps to create two AWS IAM roles in your AWS account.

  • A read-only role, which is by default called ThreatKeyAudit. This role is used to evaluate AWS asset details.
  • A role with the AdministratorAccess policy, which is by default called ThreatKey. This role is used to set up both the read-only role and CloudTrail event forwarding.

Automated enrollment

  1. Sign in to the AWS Management Console:

    • Navigate to the AWS Management Console and sign in with your AWS account credentials.
  2. Install CloudFormation template:

    • Navigate to the ThreatKey AWS Source connection page.
    • Click "Install Template", which will open the AWS console in a new tab.
    • Click the checkbox "I acknowledge that AWS CloudFormation might create IAM resources with custom names.", then click "Create stack".
  3. Capture the AWS Role ARN:

    • Wait for the stack deployment to reach the completed stage.
    • Click outputs and copy the Role ARN.
  4. Enter Role ARN on ThreatKey AWS Source connection page:

    • Close the AWS console tab, which should bring you back to the AWS Source connection page.
    • Enter the Role ARN from step 3 in the text box and click "Connect to Amazon Web Services".

Manual enrollment

  1. Sign in to the AWS Management Console:

    • Navigate to the AWS Management Console and sign in with your AWS account credentials.
  2. Access the IAM Dashboard:

    • Sign in to AWS and navigate to the IAM dashboard.
  3. Create a new IAM Role:

    • On the IAM dashboard, click on Roles from the left pane.
    • Click the Create role button.
    • Choose Another AWS account under the "Choose the trusted entity type" section.
    • For "Account ID," input 742123671053.
    • In the "Options" section, enable "Require external ID" and provide the UUID that's found on the ThreatKey AWS Source connection page.
    • Click Next: Permissions.
  4. Attach Policies:

    • Search for AdministratorAccess in the search box.
    • Select the AdministratorAccess policy from the results.
    • Proceed by clicking Next: Tags.
  5. (Optional) Add Tags:

    • This step is optional if you don't intend to tag the role.
    • If adding tags, provide the necessary key-value pairs.
    • Continue by clicking Next: Review.
  6. Review and Create Role:

    • For "Role name," use the format ThreatKey-UuidFromAwsSourceConnectionPage (for example ThreatKey-FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF).
    • In "Role description," input IAM Role used for initial deployment and automatic fixes by ThreatKey.
    • Review all details to ensure correctness.
    • Finish by clicking Create role.
  7. Capture the Role ARN:

    • Once the role is created, you'll be redirected to the roles list. Locate and select your role.
    • The "Role ARN" will be visible on the summary page of the role. Make sure to copy this ARN for any later needs or for sharing purposes.
  8. Enter Role ARN on ThreatKey AWS Source connection page:

    • Navigate to the ThreatKey AWS Source connection page.
    • Click "Skip (Role Already Created)".
    • Enter the Role ARN from step 7 in the text box and click "Connect to Amazon Web Services".
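
Because the role created in the manual flow carries AdministratorAccess, its trust policy is the control that limits who can assume it. The following is an added example, not ThreatKey's own code: it builds the trust policy that the "Another AWS account" and "Require external ID" choices in step 3 correspond to, and audits an existing trust policy against it. The function names and the finding strings are assumptions made for this illustration.

```python
import json

THREATKEY_ACCOUNT_ID = "742123671053"  # "Account ID" value from step 3 of the page


def build_trust_policy(external_id):
    """Trust policy for 'Another AWS account' with 'Require external ID' enabled."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{THREATKEY_ACCOUNT_ID}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings = []
    allowed = {THREATKEY_ACCOUNT_ID, f"arn:aws:iam::{THREATKEY_ACCOUNT_ID}:root"}
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. "Principal": "*"
            findings.append(f"statement {i}: wildcard principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or value not in allowed:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
        # Condition key names are not case-sensitive in IAM, so normalise them.
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        keys = {k.lower(): v for k, v in string_equals.items()}
        required = keys.get("sts:externalid")
        if required is None or _as_list(required) != [external_id]:
            findings.append(f"statement {i}: external ID not enforced")
    return findings


if __name__ == "__main__":
    sample_id = "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF"  # placeholder UUID from the page's example
    print(json.dumps(build_trust_policy(sample_id), indent=2))
    print(audit_trust_policy(build_trust_policy(sample_id), sample_id))
```

To audit a role that already exists, pass the `Role.AssumeRolePolicyDocument` object returned by `aws iam get-role` together with the UUID shown on the ThreatKey AWS Source connection page.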

Permissions

As of 2021/11/05, the permissions required for the two roles are as follows:

Benefits

  • Enhanced Security: Proactively identify and rectify potential security risks and misconfigurations in your AWS environment.
  • Efficient Remediation: Manage and track remediation efforts effectively, ensuring swift and successful resolution of security issues.
  • Informed Decision-Making: Leverage detailed reports and analytics to guide strategic decisions and foster continuous security improvement.
  • Streamlined Compliance: Simplify compliance efforts with comprehensive reporting and analytics.

By integrating ThreatKey with your AWS environment, you are taking a significant step towards a more secure, efficient, and resilient cloud infrastructure.

Need help?

Our expert support team is always ready to assist with any issues or questions during the installation and setup process. You can reach them at support@threatkey.com or through our live chat.

Fortify your AWS environment's security posture with ThreatKey's AWS integration today.