Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction

This document describes how to create Amazon Web Services (AWS) credentials.


Create an IAM Policy

  1. Click Policies on the left of the AWS console, then click Create Policy. This opens the Create Policy page, where you can create a new IAM policy.

    1. Click JSON. This opens an IAM policy editor where you can insert your policy.

      The policy is explained later in this document and can be found in Appendix I in JSON format.

  2. Click the Review policy button on the bottom right, and fix the Policy Name and Description if your policy is not valid.
  3. To validate the policy, click the Create Policy button.

Create an IAM Role

  1. Log in to AWS console and enter IAM Service.
  2. Click Roles in the left menu, then click the Create role button to open the Create role window.
  3. Select Another AWS Account as the type of trusted entity.
  4. Fill in the form using “947065867758” as the Account ID.
  5. Select Require external ID under Options and use the External ID provided in the Amazon section of the Integrations Settings panel in OUTSCAN.
  6. Select the AWS policy you created.
  7. Add a name to the AWS role and set a description.

  8. Click on the Create role button on the bottom right.
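
A role created with steps 3 to 5 carries a trust policy that names account 947065867758 and requires the external ID through an sts:ExternalId condition. The check below is an added example, not Outpost24 code: it audits such a trust policy offline. The sample policy, the EXAMPLE-EXTERNAL-ID placeholder and the function names are constructed for illustration.

```python
import json

OUTPOST24_ACCOUNT = "947065867758"   # Account ID from step 4 of this page
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"  # placeholder; the real one is shown in OUTSCAN

# Constructed sample: trust policy of a role created as in steps 3-5.
SAMPLE_TRUST = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::947065867758:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(principal):
    if isinstance(principal, str):  # e.g. "Principal": "*"
        return [("AWS", principal)]
    return [(k, p) for k, vals in principal.items() for p in _as_list(vals)]

def _account_of(value):
    """Account ID from a bare ID or an ARN such as arn:aws:iam::<id>:root."""
    parts = value.split(":")
    if len(parts) == 1:
        return value
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def check_trust_policy(policy, account_id, external_id):
    """Return findings; [] means only account_id, presenting external_id, may assume the role."""
    findings, seen = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        seen = True
        for kind, value in _principals(stmt.get("Principal", {})):
            if kind != "AWS" or _account_of(value) != account_id:
                findings.append(f"statement {i}: unexpected principal {value!r}")
        # Condition key names are not case-sensitive in IAM policies.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, vals in equals.items() if k.lower() == "sts:externalid"
               for v in _as_list(vals)]
        if ids != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId missing or different")
    return findings if seen else ["no Allow statement for sts:AssumeRole"]
```

The trust policy of an existing role is shown on the role's Trust relationships tab in the IAM console and can be pasted in as JSON.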

Configure AWS Credentials

To navigate to this section:

  1. Log in to OUTSCAN.
  2. Go to Main Menu > Portal.
  3. In the Portal view, click the Account icon in the upper right corner.
  4. Click Credentials.
  5. Click Add Credentials, and select Amazon Web Services from the account type drop-down menu to add new AWS credentials.
  6. Add the name of your AWS account.
    1. Select Login with Access Key to log in using the Access Key ID and Secret Access Key.
    2. Select Login with Role to log in using the role ARN.
  7. Enable TOGGLE ALL GEOGRAPHIES to select all the areas listed. To add selective areas, enable their respective check-boxes.
  8. Click ADD to create the account.

To manage your account, refer to Scan Credentials.

References

AWS IAM Best Practice: http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

AWS IAM Policy Simulator: https://policysim.aws.amazon.com/home/index.jsp


Appendix I

This appendix contains the AWS policy for the Outpost24 product in JSON format.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1493798226000",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:DescribeAlarms"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493798278000",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeInstanceStatus",
                "ec2:DescribeInstances",
                "ec2:DescribeFlowLogs",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeRouteTables",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSnapshots",
                "ec2:DescribeSubnets",
                "ec2:DescribeTags",
                "ec2:DescribeVpcs"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493805833000",
            "Effect": "Allow",
            "Action": [
                "iam:GenerateCredentialReport",
                "iam:GetAccountPasswordPolicy",
                "iam:GetAccountSummary",
                "iam:GetCredentialReport",
                "iam:GetPolicyVersion",
                "iam:GetRolePolicy",
                "iam:ListAttachedUserPolicies",
                "iam:ListEntitiesForPolicy",
                "iam:ListPolicies",
                "iam:ListRolePolicies",
                "iam:ListRoles",
                "iam:ListUserPolicies",
                "iam:ListUsers",
                "iam:ListVirtualMFADevices"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493812702000",
            "Effect": "Allow",
            "Action": [
                "cloudtrail:DescribeTrails",
                "cloudtrail:GetTrailStatus",
                "cloudtrail:GetEventSelectors"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493812834000",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketAcl",
                "s3:GetBucketLogging",
                "s3:GetBucketPolicy"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493812945000",
            "Effect": "Allow",
            "Action": [
                "config:DescribeConfigurationRecorderStatus",
                "config:DescribeConfigurationRecorders"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493813079000",
            "Effect": "Allow",
            "Action": [
                "kms:GetKeyRotationStatus",
                "kms:ListKeys"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493813352000",
            "Effect": "Allow",
            "Action": [
                "logs:DescribeMetricFilters"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493813470000",
            "Effect": "Allow",
            "Action": [
                "sns:ListSubscriptionsByTopic",
                "sns:ListTopics"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
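
Before attaching a policy like the one above, it is worth confirming that it grants read access only. The following is an added example, not part of the Outpost24 documentation: a name-based first pass (not AWS's own access-level classification) that flags wildcards, NotAction, and any action whose verb is not Describe, Get or List. The sample is a constructed excerpt of the appendix policy and the function names are illustrative; in the full appendix the only action outside those three verbs is iam:GenerateCredentialReport.

```python
import json

READ_VERBS = ("describe", "get", "list")

# Constructed excerpt: two statements from Appendix I, action lists shortened.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Stmt1493805833000", "Effect": "Allow",
     "Action": ["iam:GenerateCredentialReport", "iam:GetCredentialReport",
                "iam:ListUsers"],
     "Resource": ["*"]},
    {"Sid": "Stmt1493813352000", "Effect": "Allow",
     "Action": ["logs:DescribeMetricFilters"],
     "Resource": ["*"]}
  ]
}""")

def _as_list(value):
    # IAM allows a single string where a list is expected.
    return value if isinstance(value, list) else [value]

def actions_to_review(policy):
    """Map each Allow grant that is not a plain Describe/Get/List action
    to the reason it needs a manual look."""
    review = {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            review[f"NotAction in {stmt.get('Sid', '<no Sid>')}"] = "allow-all-except"
        for action in _as_list(stmt.get("Action", [])):
            _, _, name = action.partition(":")
            if "*" in action or "?" in action:
                review[action] = "wildcard"
            elif not name.lower().startswith(READ_VERBS):
                review[action] = "verb is not Describe/Get/List"
    return review
```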


Viewing AWS Policy for Outpost24 software Summary in the AWS Console. 

