AWS EC2 Integration

One of the benefits of Threat Stack is the ability to integrate with an Amazon Web Service (AWS) profile. Through this integration, the user can see exactly what instances are protected and which ones are not. When the profile is activated, an initial traversal of the environment is run to establish a baseline. We then continually scan for any instance creation or termination so the Threat Stack Cloud Security PlatformⓇ (CSP) will always reflect the current state of your infrastructure.

The process involves an exchange of information between Threat Stack and AWS. Threat Stack uses a read-only IAM role, scoped to EC2, that remains completely under your control.

Note

If you wish to integrate with more than one Amazon Web Service account, please review AWS Integrations Overview.

Prerequisites

  • Administrator access to your Amazon Web Service (AWS) account
  • Access to the Threat Stack Console

Tip

Use side-by-side browser windows – one for AWS and one for Threat Stack – to complete these instructions.

1. Begin AWS Integration
  1. Log into the AWS console as an administrator.
  2. Navigate to the Security, Identity, & Compliance section.
  3. Click the link for the IAM service.

    [Screenshot: Select_IAM_service.png]

  4. In the left navigation pane of the IAM Dashboard, click Roles.

    [Screenshot: Select_roles.png]

  5. The Roles page displays. Click the Create role button.

    [Screenshot: Roles_page_-_create_role.png]

Continue to the next section.

2. Create IAM Role
  1. From the Create role page, select the entity to which your role will be associated.
    • For this integration, click the Another AWS Account button.

      [Screenshot: Create_role_page.png]

  2. In the Account ID field, copy and paste the Account ID value from your Threat Stack account.
    1. Open a new browser window and log into Threat Stack.
    2. In the left navigation pane, click Settings. The Settings page displays.
    3. Click the Integrations tab. The AWS Integrations page displays.
    4. Click the + Add AWS Integration button.
    5. The + Add AWS Integration dialog displays, listing your Account ID and External ID.

      Warning

      Do not close this dialog until the role creation is complete. The External ID is uniquely generated. It must match the value entered during the AWS role creation. If you click the close button, a new External ID is generated.

      [Screenshot: Account_and_External_ID.png]

  3. In the Options section, select the Require external ID (Best practice when a third party will assume this role) checkbox. An additional field displays.

    [Screenshot: Select_require_external_id.png]

  4. In the External ID field, copy and paste the External ID value from the Threat Stack + Add AWS Integration dialog, as shown in step 2, sub-step 5.

    [Screenshot: Specify_account_and_external_id.png]

  5. Click the Next: Permissions button. The Attach permissions policies page displays.
  6. Select the AmazonEC2ReadOnlyAccess checkbox. Click the Next: Tags button.
  7. The Add tags (optional) page displays. Click the Next: Review button.

    [Screenshot: Add_tags_page.png]

  8. The Review page displays. In the Role name field, type a role name. This is the name of the IAM role the Threat Stack AWS Account will use to authenticate in AWS.

    [Screenshot: Review_page.png]

    Note

    AWS does not allow spaces in a role name.

  9. Click the Create role button. The new Threat Stack-specific IAM role is created, and the Roles page displays.

    [Screenshot: IAMRoleSearch.png]

  10. In the Search field, type the name of the IAM role you created in step 8, and press ENTER.
  11. Select the IAM role. The Summary page displays.

    [Screenshot: RoleIAMSummaryPg.png]

  12. Copy the Role ARN.
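
The console steps above produce a trust (assume-role) policy on the new role that allows the Threat Stack account to assume it only when the matching External ID is presented; that condition is what prevents another party who learns your Role ARN from using it (the confused-deputy problem the "Require external ID" checkbox exists for). The following added example, which is not Threat Stack's own code, builds that trust policy document from the Account ID and External ID shown in the + Add AWS Integration dialog and audits an existing trust policy for the two things worth checking after the role is created: that the only allowed principal is the expected account and that the sts:ExternalId condition is present and matches. The account ID and External ID values in the block are constructed placeholders.

```python
"""Build and audit the IAM trust policy produced by the "Another AWS account"
+ "Require external ID" console steps.

Added example, not Threat Stack's own code. Account ID and External ID below
are constructed placeholders; use the values from the Threat Stack dialog.
"""
import json
import re

# Constructed sample values: replace with the values shown in the dialog.
THREAT_STACK_ACCOUNT_ID = "123456789012"  # placeholder 12-digit account ID
EXTERNAL_ID = "example-external-id-0000"  # placeholder, unique per integration

# Managed policy attached in step 6 (real AWS-managed policy ARN).
EC2_READONLY_POLICY_ARN = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"


def build_trust_policy(account_id: str, external_id: str) -> dict:
    """Return the trust policy the console creates for a third-party account
    with 'Require external ID' selected."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account_id must be a 12-digit AWS account ID")
    if not external_id:
        raise ValueError("external_id must not be empty")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def render_trust_policy(account_id: str, external_id: str) -> str:
    """JSON form suitable for saving to a file (e.g. trust.json)."""
    return json.dumps(build_trust_policy(account_id, external_id), indent=2)


def audit_trust_policy(policy: dict, expected_account_id: str,
                       expected_external_id: str) -> list:
    """Return a list of findings; an empty list means every AssumeRole grant
    is limited to the expected account and carries the expected External ID."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue  # statement does not grant role assumption
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and principal.get("AWS") == "*"):
            findings.append("Principal is '*': any AWS account could assume this role")
        elif isinstance(principal, dict):
            aws_principals = principal.get("AWS", [])
            if isinstance(aws_principals, str):
                aws_principals = [aws_principals]
            for p in aws_principals:
                if expected_account_id not in p:
                    findings.append(f"unexpected principal {p}")
        cond = stmt.get("Condition", {})
        ext = cond.get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append("missing sts:ExternalId condition (confused-deputy risk)")
        elif ext != expected_external_id:
            findings.append("sts:ExternalId does not match the value in the Threat Stack dialog")
    return findings


if __name__ == "__main__":
    doc = render_trust_policy(THREAT_STACK_ACCOUNT_ID, EXTERNAL_ID)
    print(doc)
    print("findings:", audit_trust_policy(json.loads(doc),
                                          THREAT_STACK_ACCOUNT_ID, EXTERNAL_ID))
```

To create the same role from the AWS CLI instead of the console, save the rendered document to a file and run `aws iam create-role --role-name <name> --assume-role-policy-document file://trust.json`, then `aws iam attach-role-policy --role-name <name> --policy-arn arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess`. To audit a role that already exists, feed the `Role.AssumeRolePolicyDocument` field of `aws iam get-role --role-name <name>` to `audit_trust_policy`; a non-empty findings list means the role is broader than this integration needs. Because the External ID is regenerated whenever the Threat Stack dialog is closed, a mismatch finding usually means the role was created against a stale dialog rather than a tampered policy.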

Continue to the next section.

3. Integrate with Threat Stack Cloud Security PlatformⓇ

Completing the Threat Stack AWS Profile allows Threat Stack to authenticate in AWS using the Threat Stack-specific AWS IAM role.

  1. In the Threat Stack browser window, on the + Add AWS Integration page, paste the copied Role ARN in the Role ARN field.

    [Screenshot: AWSProfileRoleARN.png]

  2. In the Description field, type a description of the Threat Stack AWS role. Choose a description that identifies how this integration relates to the AWS account, such as "production."
  3. In the EC2 Correlation section, from the Select Regions drop-down menu, select the region(s) in which your organization has an EC2 presence.
  4. Verify the information entered and selected on the page is accurate.
  5. Click the Add AWS Integration button. The + Add AWS Integration dialog closes. The Integrations page displays. A “Profile Added Successfully” message displays and the new AWS profile displays in the AWS Integrations table. A clock icon displays in the EC2 Correlation Status column, indicating the profile is authenticating with AWS. This process may take several minutes.

    [Screenshot: AWSProfileCheckBack.png]

4. Confirm Successful Threat Stack Integration with AWS
  1. Log into Threat Stack.
  2. In the left navigation pane, click Settings. The Settings page displays.
  3. Click the Integrations tab. The AWS Integrations page displays.
  4. In the EC2 Correlation Status column for the AWS profile, a green checkmark displays. That checkmark confirms that Threat Stack successfully authenticated in AWS using the IAM role you created.

    [Screenshot: AWSProfileComplete.png]
