Preparation for Scanning AWS
StorageGuard collects configuration data from the AWS environment by using the AWS SDK to run read-only Management API calls.
The following table lists the requirements for scanning AWS:
# | Description |
1 | Provide the target Region name. |
2 | Provide a pair of an IAM user Access Key and Secret Access Key. |
3 | Provide the account ID. |
4 | Make sure that IP connectivity is available between the StorageGuard server and AWS. |
Examples of API calls used:
- S3.ListStorageLensConfigurations
- IAM.ListGroupsForUser
- Backup.ListProtectedResources
Creating an IAM User Account for Scanning AWS
The following suggested method can be used to create an IAM user account with appropriate privileges:
- Log in to the AWS Console. On the Console Home page, select the IAM service.
- In the navigation pane, select Users and then select Add users.
- On the Specify user details page, under User details, in User name, enter the name for the new user. Click Next.
- On the Set permissions page, under Permissions options, select Next.
- Select Create user.
Creating a User Group
The following suggested method can be used to create a user group:
- Log in to the AWS Console. On the Console Home page, select the IAM service.
- In the navigation pane, select User groups and then select Create group.
- On the Create user group page, under User group name, enter the name for the new group.
- Scroll to the bottom of the page and select Create group.
Adding a User to a User Group
The following suggested method can be used to add the user to a user group:
- Log in to the AWS Console. On the Console Home page, select the IAM service.
- In the navigation pane, select User groups and then click on the desired group.
- On the user group page, under the Users tab, go to the Users in this group section and select Add users.
- On the Add users to group page, search for the desired user and check the checkbox next to it.
- Select Add users.
Creating an access key and a secret access key
The following suggested method can be used to create an access key and a secret access key:
- Log in to the AWS Console. On the Console Home page, select the IAM service.
- In the navigation pane, select Users groups and then click on the desired user.
- On the user page, under the Security credentials tab, go to the Access keys section and select Create access key.
- On the Access key best practices & alternatives page, select Next.
- On the Set description tag page, select Create access key.
- On the Retrieve access keys page, copy the Access key and the Secret access key to an external application (for example: notepad) for future use.
- Select Done.
Assign a Policy to a User Group
The following suggested method can be used to assign a policy to the user group:
- Log in to the AWS Console.
- On the Console Home page, select the IAM service.
- In the navigation pane, select User groups and then click on the desired group.
- On the user group page, select the Permissions tab.
- Under Permissions policies, select Add permissions and then select Attach policies.
- On the Attach permission policies page, under Other permission policies, search for the desired policy and check the permissions checkbox next to it.
- Scroll down and select Add permissions.
Creating a Policy
The following suggested method can be used to create a policy with appropriate privileges:
- Log in to the AWS Console. On the Console Home page, select the IAM service.
- In the navigation pane, select Policies and then select Create policy.
- On the first page, make the following changes:
  - Under Service, choose the services you wish to grant access to (for example: S3).
  - Under Actions, check the LIST and READ access level checkboxes.
  - Under Resources, either enter a specific resource ARN or mark All Resources.
- Select Next: Tags.
- Select Next: Review.
- Under Review policy, in the field Name, enter a desired name for the policy.
- Select Create policy.
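
The checker below is an added example, not part of StorageGuard or its documentation: it flags any Allow statement in a policy document that goes beyond the LIST and READ access levels selected in the steps above. The sample policy is constructed from the API calls named on this page, and matching on the List, Get and Describe name prefixes is an assumption that approximates the per-action access levels AWS defines.

```python
import json

# Assumption: these name prefixes approximate the console's List and Read access levels.
READ_ONLY_PREFIXES = ("list", "get", "describe")

# Constructed sample policy built from the API calls named on this page.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "s3:ListStorageLensConfigurations",
      "iam:ListGroupsForUser",
      "backup:ListProtectedResources"
    ],
    "Resource": "*"
  }]
}
""")


def _as_list(value):
    """IAM accepts a single string or object where a list is also valid."""
    return value if isinstance(value, list) else [] if value is None else [value]


def non_read_only_findings(policy):
    """Return the reasons an identity policy grants more than List/Read access."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        if "NotAction" in stmt:
            findings.append(f"statement {index}: Allow with NotAction grants everything not listed")
        for action in _as_list(stmt.get("Action")):
            _service, _, name = action.partition(":")
            if not name:
                findings.append(f"statement {index}: {action} has no service:action form (for example a bare *)")
            elif not name.lower().startswith(READ_ONLY_PREFIXES):
                # Covers write actions and broad patterns such as "s3:*".
                findings.append(f"statement {index}: {action} is not limited to List/Read")
    return findings


if __name__ == "__main__":
    for line in non_read_only_findings(SAMPLE_POLICY) or ["policy is limited to List/Read actions"]:
        print(line)
```

Run it against the policy JSON shown on the Review step before attaching the policy to the user group; an empty result means every allowed action matched a read-only prefix.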