# AWS
The NetSPI Platform's CAASM module has a broad integration with Amazon Web Services (AWS).
# Supported asset types
The AWS integration provides the NetSPI Platform visibility into the following asset types:
- Networks
- Systems
- IPv4 addresses
- Cloud resources: IAM User, IAM Role, Cloud Account, S3, Lambda, RDS, ALB, NLB, WAF
# Data run frequency
The AWS integration pulls data at 30 minutes past every sixth hour (e.g., 12:30, 6:30, 12:30, etc.).
# Endpoints used
The following endpoints are used in this AWS integration.
# EC2 (Elastic Compute Cloud)
- describe_regions
- describe_subnets
- describe_images
- describe_instances
- describe_iam_instance_profile_associations
# ECS (Elastic Container Service)
- list_clusters
- describe_clusters
- list_services
- describe_services
- list_task_definitions
- describe_task_definition
# ELB (Elastic Load Balancer)
- describe_load_balancers
# IAM (Identity and Access Management)
- list_users
- list_roles
- list_groups
- list_policies
- list_mfa_devices
- list_user_policies
- list_role_policies
- list_groups_for_user
- list_attached_user_policies
- list_attached_role_policies
- get_role_policy
- get_user_policy
- get_group_policy
- get_policy_version
- get_instance_profile
# Lambda
- list_functions
# RDS (Relational Database Service)
- describe_db_instances
# S3 (Simple Storage Service)
- list_buckets
- head_bucket
# Security Hub
- list_finding_aggregators
- get_finding_aggregator
- get_findings
# WAF (Web Application Firewall)
- list_web_acls
# Workspaces
- describe_workspace_bundles
# Supported AWS services
This AWS integration supports the following AWS services.
Requirements
At least one of these products must be properly licensed for the integration to work.
- EC2
- S3
- VPC
- IAM
- Lambda
- RDS
- WAF
- ELB
- ECS
- Workspaces
- Security Hub
Similar to the other NetSPI Platform integrations, the AWS integration is read-only and does not perform actions to configure systems or otherwise change anything about your AWS environment.
# Required permissions
This integration requires:
- An AWS trust relationship between the NetSPI Platform and your AWS environment (created automatically)
- A new role in your AWS environment
# Configuration steps
Use the section below for configuring AWS to integrate with the NetSPI Platform.
# AWS configuration
CAASM supports two options for your AWS integration: single AWS account role configuration (steps below) or AWS Organizations role configuration (see Role Creation for AWS Organizations).
1. In the IAM navigation pane, select Access management -> Roles and select the Create role button in the upper right.
2. Select the radio button associated with the AWS account trusted entity type.
3. Select the Another AWS account radio button and paste the NetSPI Platform AWS account ID in the Account ID field to create the trust relationship: 339712971568
4. Under Options, select the Require external ID checkbox and specify a random value for the external ID.
Note
Please ensure you make a note of the random external ID you generate in step 4 above, as you will need this value when configuring the AWS integration in the NetSPI Platform.
5. Select the Next button and choose the SecurityAudit policy.
6. Select the Next button and name the role (NetSPI-CAASM-ExecutionRole is used in the example below). When finished, select the Create role button in the lower right.
7. Navigate back to the list of IAM roles, locate the role you just created, and select it.
8. On the role summary page, copy the role ARN by selecting the copy icon as illustrated above.
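As an added example (not NetSPI Platform code), the following script builds the trust policy that steps 3 and 4 produce in the console and then checks a role's trust policy and attached policies before the ARN is handed over. It assumes the standard IAM trust-policy document format; the NetSPI account ID is the one given above, the external ID is generated locally, and SECURITY_AUDIT_ARN is the managed policy chosen in step 5.

```python
"""Cross-account trust policy for the NetSPI CAASM role: build it, then check it.

Added example, not NetSPI Platform code. Assumptions: the standard IAM
trust-policy document format, and that the only managed policy attached to
the role should be SecurityAudit (as the configuration steps instruct). The
NetSPI account ID is the one the page gives; the external ID is generated
locally.
"""
import json
import secrets

NETSPI_ACCOUNT_ID = "339712971568"  # NetSPI Platform account ID from the page
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"


def generate_external_id(nbytes: int = 24) -> str:
    """Random external ID. The URL-safe base64 alphabet (A-Z a-z 0-9 - _)
    stays inside the character set IAM accepts for sts:ExternalId."""
    return secrets.token_urlsafe(nbytes)


def build_trust_policy(trusted_account: str, external_id: str) -> dict:
    """Trust policy the console produces for 'Another AWS account' plus
    'Require external ID': only principals in trusted_account may assume
    the role, and only when they present the agreed external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _account_of(principal: str) -> str:
    """'arn:aws:iam::123456789012:root' -> '123456789012'; bare IDs pass through."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def check_trust_policy(doc: dict, expected_account: str) -> list:
    """Return human-readable problems with an AssumeRole trust policy. An empty
    list means every Allow/AssumeRole statement is scoped to expected_account
    and conditioned on an external ID."""
    problems = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        aws_principals = (
            ["*"] if principal == "*" else _as_list((principal or {}).get("AWS"))
        )
        for p in aws_principals:
            if p == "*":
                problems.append(f"statement {i}: wildcard principal")
            elif _account_of(p) != expected_account:
                problems.append(f"statement {i}: unexpected principal {p}")
        ext_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext_id:
            problems.append(
                f"statement {i}: no sts:ExternalId condition (confused-deputy risk)"
            )
    return problems


def check_attached_policies(attached_arns: list) -> list:
    """Flag anything attached to the role beyond the SecurityAudit policy the
    steps call for; a read-only inventory integration should not need more."""
    return [arn for arn in attached_arns if arn != SECURITY_AUDIT_ARN]


if __name__ == "__main__":
    ext = generate_external_id()
    policy = build_trust_policy(NETSPI_ACCOUNT_ID, ext)
    print(json.dumps(policy, indent=2))
    print("problems:", check_trust_policy(policy, NETSPI_ACCOUNT_ID))
```

The external ID condition is what the Require external ID checkbox in step 4 adds. A vendor role that is assumed from many customer accounts is exposed to the confused-deputy problem without it: anyone who learns a role ARN could ask the vendor to act on that role. Requiring a per-customer secret value on AssumeRole closes that path, which is why the check treats a missing condition as a problem rather than a style point. The attached-policy check is there to catch a role that was later widened beyond SecurityAudit.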
# NetSPI Platform CAASM configuration
Use the steps below to configure the AWS integration in the NetSPI Platform.
1. Log into the NetSPI Platform as a Client Admin user.
2. Navigate to Settings -> CAASM Integrations to display the Integrations page.
3. Select the Integration Library tab -> Integration Categories / Cloud -> AWS. This brings the AWS integration card into focus.
Note
You can also locate the integration card by:
- Scrolling down the page on the Integration Library tab
- Filtering the integration options displayed by selecting any of the other left navigation choices besides Integration Categories, e.g., by Modules or Integration Scopes (cloud or on premise)
- Entering the integration name in the Search integration bar
4. Select the Add button on the AWS card to display the AWS integration configuration page.
5. Select and enter values for the following fields.
- Select the integration type from the Integration drop-down list. In this case, AWS, which is already selected by default.
- Select the integration scope from the Scope drop-down list. The AWS integration can only run on a cloud scope, which was configured by NetSPI, and Cloud displays as the default value.
- Enter an integration name and description in the Integration Name and Description fields.
- Select the Enabled slider button to display as either on (blue) or off (light gray).
Note: If you configured AWS Organizations, select the AWS Organization Root Account slider button. This does not apply to the single AWS account configuration.
- Paste the ARN copied in Step 8 of the AWS configuration above into the Role ID field.
- Enter or copy/paste the random External ID generated in Step 4 of the AWS configuration above into the External ID field.
- If additional ARNs need to be added, select the Add button to display additional Role ID and External ID fields.
6. Select Create to create the integration. The new integration now displays on the Applied Integrations tab with its statuses: current and last run, last run time, and status (enabled/disabled).
AWS Docs Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html