Amazon Web Services (AWS)

To monitor your AWS environment, Cloud Security Plus requires a valid IAM user with the necessary permissions. The solution uses this designated IAM user to collect logs from your AWS environment.

Note: Cloud Security Plus supports all AWS regions, except AWS GovCloud (US) and China (Beijing) region.

Creating a new IAM user in the AWS console

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS.

To create a new IAM user, follow these steps:

  • Log in to the AWS console.
  • Go to AWS Services → Security, Identity and Compliance → IAM → Add User.
  • Give an appropriate User name and enable Programmatic access.
  • Click on Attach existing policies directly.
  • Click on Create Policy → Create your Own Policy.
  • Fill in the Policy Name field.
  • Copy and paste the inline policy into the Policy Document box.
  • Click on Create Policy.
  • Create the user and save the Access key and Secret key pair.

The generated access key and secret key pair should be used inside Cloud Security Plus to configure the AWS account.

Inline Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1486278063000",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1486278045000",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1486278214000",
      "Effect": "Allow",
      "Action": [
        "sns:GetEndpointAttributes",
        "sns:GetPlatformApplicationAttributes",
        "sns:GetSMSAttributes",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "sns:ListEndpointsByPlatformApplication",
        "sns:ListPhoneNumbersOptedOut",
        "sns:ListPlatformApplications",
        "sns:ListSubscriptions",
        "sns:ListSubscriptionsByTopic",
        "sns:ListTopics",
        "sns:Publish"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1486278276000",
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:DeleteMessageBatch",
        "sqs:GetQueueAttributes",
        "sqs:GetQueueUrl",
        "sqs:ListQueues",
        "sqs:ReceiveMessage",
        "sqs:SendMessage"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1490256161000",
      "Effect": "Allow",
      "Action": [
        "iam:GenerateCredentialReport",
        "iam:GetAccountAuthorizationDetails",
        "iam:GetCredentialReport"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
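The inline policy above grants s3:* on every resource alongside a number of named SNS, SQS, CloudTrail and IAM actions. The following Python script is an added review aid, not part of the product's own documentation: it parses that policy and lists the wildcard grants and every named action whose verb is not a read-only one, so an administrator can see what the collector user is able to do before saving the keys. It assumes nothing beyond the policy document shown on this page; the read-only verb list is the script's own heuristic.

```python
# Inline policy from this page, copied as a Python literal so the check runs offline.
INLINE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Stmt1486278063000", "Effect": "Allow", "Resource": ["*"],
         "Action": ["cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus"]},
        {"Sid": "Stmt1486278045000", "Effect": "Allow", "Resource": ["*"],
         "Action": ["s3:*"]},
        {"Sid": "Stmt1486278214000", "Effect": "Allow", "Resource": ["*"],
         "Action": ["sns:GetEndpointAttributes", "sns:GetPlatformApplicationAttributes",
                    "sns:GetSMSAttributes", "sns:GetSubscriptionAttributes",
                    "sns:GetTopicAttributes", "sns:ListEndpointsByPlatformApplication",
                    "sns:ListPhoneNumbersOptedOut", "sns:ListPlatformApplications",
                    "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic",
                    "sns:ListTopics", "sns:Publish"]},
        {"Sid": "Stmt1486278276000", "Effect": "Allow", "Resource": ["*"],
         "Action": ["sqs:DeleteMessage", "sqs:DeleteMessageBatch", "sqs:GetQueueAttributes",
                    "sqs:GetQueueUrl", "sqs:ListQueues", "sqs:ReceiveMessage",
                    "sqs:SendMessage"]},
        {"Sid": "Stmt1490256161000", "Effect": "Allow", "Resource": ["*"],
         "Action": ["iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails",
                    "iam:GetCredentialReport"]},
    ],
}

# Verbs this check treats as read-only (a heuristic); every other named action is flagged.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Generate")

def _as_list(value):
    """IAM accepts either a string or a list for Statement/Action; normalise to a list."""
    return value if isinstance(value, list) else [value]

def allowed_actions(policy):
    """Yield (Sid, action) for every action granted by an Allow statement."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            for action in _as_list(stmt.get("Action", [])):
                yield stmt.get("Sid", "<no Sid>"), action

def wildcard_actions(policy):
    """Service-wide ('s3:*') or global ('*') grants, which defeat least privilege."""
    return [(sid, a) for sid, a in allowed_actions(policy) if a == "*" or a.endswith(":*")]

def write_actions(policy):
    """Named actions whose verb is not in READ_ONLY_PREFIXES (e.g. sns:Publish)."""
    return [(sid, a) for sid, a in allowed_actions(policy) if ":" in a
            and not a.endswith(":*") and not a.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)]

if __name__ == "__main__":
    print(wildcard_actions(INLINE_POLICY) + write_actions(INLINE_POLICY))
```

Run against the page's policy, the script flags the s3:* grant plus sns:Publish and the SQS send, receive and delete actions; whether each is needed depends on how the CloudTrail/SNS/SQS log delivery is set up in your account.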

Enter AWS credentials in Cloud Security Plus

  • Go to the Cloud Security Plus console.
  • Click on Cloud Account Settings.
  • Click on Add Cloud Account.
  • Select the Cloud Type as AWS.
  • Enter a Display name in the given box.
  • Enter the Access Key ID and Secret Access Key of the IAM user in the given fields.
  • Click Save.

To set up logging for your AWS environment, refer to AWS CloudTrail logging setup and S3 server access logging setup.