
Generate AWS Credentials

Purpose

This document describes how to create Amazon Web Services (AWS) credentials.

Introduction

AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. IAM provides the ability to centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

Create an IAM Policy

  1. Click on Policies on the left of the AWS console, then click on Create Policy. This opens the Create Policy page where you can create a new IAM policy.


    1. Click on JSON. This opens an IAM policy editor where you can insert your policy.


      The policy is explained later in this document and can be found in Appendix 1 in JSON Format.


  2. Click on the Review policy button on the bottom right and fix the Policy Name and Description if your policy is not valid.

  3. To validate the policy, click on the Create Policy button.


Create an IAM Role

  1. Log in to the AWS console and open the IAM service.

  2. Click on Roles in the left menu and then click on the Create role button to open the Create role window.


  3. Select Another AWS Account as the type of trusted entity.


  4. Fill in the form using “947065867758” as the Account ID.

  5. Under Options, select Require external ID and use the External ID provided in the Amazon section of the Integrations Settings panel in OUTSCAN.


  6. Select the AWS policy you created.

  7. Add a name to the AWS role and set a description. 

  8. Click on the Create role button on the bottom right.
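
The trust relationship that steps 3 to 5 produce can be checked after the role exists. The following is an added example, not Outpost24 or AWS code: it builds the equivalent trust policy document and flags role trust policies that trust the wrong principal or do not require an external ID. The external ID value and the function names are placeholders chosen for this example.

```python
SCANNER_ACCOUNT_ID = "947065867758"  # Account ID given in step 4 of this page


def as_list(value):
    """IAM JSON allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def build_trust_policy(external_id, account_id=SCANNER_ACCOUNT_ID):
    """Trust policy equivalent to 'Another AWS account' + 'Require external ID'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def trust_policy_issues(policy, account_id=SCANNER_ACCOUNT_ID):
    """Return findings for Allow statements that grant sts:AssumeRole."""
    expected = {account_id, f"arn:aws:iam::{account_id}:root"}
    issues = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        trusted = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in trusted:
            if arn == "*":
                issues.append(f"statement {i}: any AWS principal is trusted")
            elif arn not in expected:
                issues.append(f"statement {i}: unexpected principal {arn}")
        # Only the StringEquals operator is inspected in this example.
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if not condition.get("sts:ExternalId"):
            issues.append(f"statement {i}: sts:ExternalId is not required")
    return issues


# Constructed samples: the external ID is a placeholder, not a real value.
GOOD = build_trust_policy("EXAMPLE-EXTERNAL-ID")
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(trust_policy_issues(GOOD))
    print(trust_policy_issues(WEAK))
```
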

Adding Credentials

  1. Log in to OUTSCAN. See the Logging in to the portal article on how to access the Portal.

  2. In the Portal view, click the Account button in the upper right corner. Initials in the button may differ depending on the account name.


  3. Select Credentials in the context menu.


  4. Click the + Add credentials button to open the Add credentials form.


Configure AWS Credentials

Add AWS credentials in Outpost24 using an Access Key or an IAM Role to allow authenticated scanning of your Amazon Web Services resources.

To manage your account, refer to Scan Credentials.

References

AWS IAM Best Practice:

http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

AWS IAM Policy Simulator:

https://policysim.aws.amazon.com/home/index.jsp

Appendix 1

This appendix contains the AWS policy for the Outpost24 product in JSON format.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1493798226000",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:DescribeAlarms"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493798278000",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeInstanceStatus",
                "ec2:DescribeInstances",
                "ec2:DescribeFlowLogs",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeRouteTables",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSnapshots",
                "ec2:DescribeSubnets",
                "ec2:DescribeTags",
                "ec2:DescribeVpcs"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493805833000",
            "Effect": "Allow",
            "Action": [
                "iam:GenerateCredentialReport",
                "iam:GetAccountPasswordPolicy",
                "iam:GetAccountSummary",
                "iam:GetCredentialReport",
                "iam:GetPolicyVersion",
                "iam:GetRolePolicy",
                "iam:ListAttachedUserPolicies",
                "iam:ListEntitiesForPolicy",
                "iam:ListPolicies",
                "iam:ListRolePolicies",
                "iam:ListRoles",
                "iam:ListUserPolicies",
                "iam:ListUsers",
                "iam:ListVirtualMFADevices"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493812702000",
            "Effect": "Allow",
            "Action": [
                "cloudtrail:DescribeTrails",
                "cloudtrail:GetTrailStatus",
                "cloudtrail:GetEventSelectors"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493812834000",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketAcl",
                "s3:GetBucketLogging",
                "s3:GetBucketPolicy"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493812945000",
            "Effect": "Allow",
            "Action": [
                "config:DescribeConfigurationRecorderStatus",
                "config:DescribeConfigurationRecorders"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493813079000",
            "Effect": "Allow",
            "Action": [
                "kms:GetKeyRotationStatus",
                "kms:ListKeys"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493813352000",
            "Effect": "Allow",
            "Action": [
                "logs:DescribeMetricFilters"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1493813470000",
            "Effect": "Allow",
            "Action": [
                "sns:ListSubscriptionsByTopic",
                "sns:ListTopics"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
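
A policy like the one above can be reviewed before it is attached, and compared later against what is actually deployed. The following is an added example, not Outpost24 code: it lists allowed actions whose names are not read-style (or contain wildcards) and reports actions added relative to a baseline. The baseline is a shortened excerpt of two Appendix 1 statements, the "deployed" policy is constructed, and the function names are this example's own.

```python
import json

READ_PREFIXES = ("Describe", "Get", "List")  # naming heuristic, not AWS access-level data


def allowed_actions(policy):
    """Collect every action named by an Allow statement."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            value = stmt.get("Action", [])
            actions.update(value if isinstance(value, list) else [value])
    return actions


def needs_review(policy):
    """Actions that contain a wildcard or do not start with a read-style verb."""
    flagged = []
    for action in sorted(allowed_actions(policy)):
        verb = action.partition(":")[2]
        if "*" in action or not verb.startswith(READ_PREFIXES):
            flagged.append(action)
    return flagged


def drift(baseline, deployed):
    """Actions the deployed policy names that the baseline does not.
    Wildcards are compared as literal strings, not expanded."""
    return sorted(allowed_actions(deployed) - allowed_actions(baseline))


# Excerpt of Appendix 1: two of its nine statements, IAM action list shortened.
BASELINE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Stmt1493805833000", "Effect": "Allow", "Resource": ["*"],
   "Action": ["iam:GenerateCredentialReport", "iam:GetCredentialReport", "iam:ListUsers"]},
  {"Sid": "Stmt1493812834000", "Effect": "Allow", "Resource": ["*"],
   "Action": ["s3:GetBucketAcl", "s3:GetBucketLogging", "s3:GetBucketPolicy"]}
]}
""")

# Constructed example of a policy that was widened after deployment.
DEPLOYED = json.loads(json.dumps(BASELINE))
DEPLOYED["Statement"][1]["Action"] += ["s3:PutBucketPolicy", "s3:Get*"]

if __name__ == "__main__":
    print("review:", needs_review(BASELINE))
    print("drift:", drift(BASELINE, DEPLOYED))
```
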

Viewing AWS Policy for Outpost24 software Summary in the AWS Console. 

Screenshots: Summary, Cloud Trail, CloudWatch, CloudWatch Logs, Config, EC2, IAM, KMS, S3, SNS


Copyright

© 2025 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.
