Connect Your AWS Account
2. Launch CloudFormation stack
This will perform the following:
- A new cross-account role will be created in your account. Our scanner will assume this role to assess your environment.
- The AWS Security Audit policy will be attached to the new role. This grants read-only access to the metadata of your AWS services.
You can manually connect your AWS account by creating a role and assigning the Security Audit policy yourself.
1. Create a New Role
- Log in to the AWS Management Console and launch the IAM Console.
- In the navigation pane on the left, select Roles.
- Select Create role.
- Under Select type of trusted entity, select Another AWS account.
- In the Account ID field, copy and paste the Account ID value from the KirkpatrickPrice Connect AWS Account modal.
This is the scanner Account ID. By doing this, you allow the scanner account to assume this role in your account.
- Select the Require external ID box and then enter any value into the External ID text field.
The scanner will be required to provide this external ID when assuming your role.
- Select Next: Permissions.
2. Attach the Security Audit Policy
To give the scanner the read-only access it needs to perform a scan, attach the SecurityAudit policy to your new role.
- In the search field, enter “SecurityAudit.”
- Select the SecurityAudit policy box, then select Next: Tags.
- Optional: Add any desired tags to your new role, then select Next: Review.
- In the Role name text field, enter any role name.
Optional: In the Role description text field, provide a description of your new role.
- Select Create Role.
3. Enter your Credentials
- Return to the Connect AWS Account – Manual modal on the KirkpatrickPrice AWS Scanner site.
- In the Role ARN text field, paste the Role ARN of the role you just created.
- In the External ID text field, enter the External ID that was assigned when creating the role.
You can find this value by selecting the role name and selecting the Trust relationships tab. The value is listed under Conditions.
- Select Connect Account.
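As an added example (not part of the KirkpatrickPrice documentation), the trust policy that the console steps above produce, built in Python, together with a small audit function you can run against a role's trust policy to confirm it trusts only the scanner account and still requires the external ID. The scanner account ID and external ID below are constructed placeholders.

```python
import json

# AWS-managed policy the steps above attach to the role.
SECURITY_AUDIT_POLICY_ARN = "arn:aws:iam::aws:policy/SecurityAudit"


def build_trust_policy(scanner_account_id: str, external_id: str) -> dict:
    """Trust policy equivalent to 'Another AWS account' + 'Require external ID'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{scanner_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def audit_trust_policy(policy: dict, expected_account_id: str) -> list:
    """Return findings for each Allow statement that grants sts:AssumeRole;
    an empty list means the policy matches the setup described above."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRole" not in actions and "sts:*" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        principals = [aws] if isinstance(aws, str) else (aws or [])
        if "*" in principals:
            findings.append("statement allows any principal to assume the role")
        elif any(p != expected_account_id and f":{expected_account_id}:" not in p
                 for p in principals):
            findings.append("statement trusts an account other than the scanner account")
        # Without sts:ExternalId, anyone the scanner account trusts could be
        # tricked into assuming this role (the confused-deputy problem).
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("statement does not require sts:ExternalId")
    return findings


# Constructed weak policy: open to any principal and missing the external ID.
WEAK_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(json.dumps(build_trust_policy("123456789012", "kp-example-external-id"), indent=2))
    print(audit_trust_policy(WEAK_TRUST_POLICY, "123456789012"))
```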