The following instructions show how to create the Strike Integration Role in your AWS Account using our provided CloudFormation template:
The CloudFormation template provided by Strike automates the creation of the required IAM role and associated policies in every AWS account, and configures the accounts within Strike, eliminating the need for manual setup. Once set up, the integration automatically starts collecting AWS metrics and events so you can start securing your infrastructure.
This stack creates an IAM role with the AWS-managed SecurityAudit and ViewOnlyAccess policies attached. The SecurityAudit policy allows users to view all security-related configuration data and perform audits on AWS resources; the ViewOnlyAccess policy grants users read-only access to AWS resources. Together these policies provide the permissions needed to monitor and audit an AWS environment without allowing any changes that could affect its security or stability. By using these policies, the Strike CSA integration can give customers valuable insight into their AWS environment while maintaining a high level of security and control.
There are two ways to execute this role:
Using AWS CLI
Using AWS Console
Using AWS CLI
Execute the following AWS CLI command from the AWS account you want to add to the Strike integration (replace the ExternalId value with the one supplied by Strike):
aws cloudformation create-stack \
  --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
  --stack-name "StrikeIntegrationRole" \
  --template-url "https://strike.sh/csa/strike-csa-cloudformation-stack.yaml" \
  --parameters "ParameterKey=ExternalId,ParameterValue=xxxxx-xxxxxx-xxxxxx" \
  --region us-east-1
Note: IAM is a global service, so the role created by this stack is usable from every region. The CloudFormation stack itself is created in whichever region you pass to --region, and any region will work.
Using the AWS Console
To get started with the Strike integration, you'll first need to have an AWS account and access to the AWS Management Console. From there, you can use the CloudFormation template provided by Strike to create the required IAM role and policies.
1. Log in to the AWS Management Console.
2. Click the AWS integration tile on the platform.
3. This opens the CloudFormation console. You can edit the Stack Name and the IAMRoleName if you need to. It is important not to edit the StrikeIntegrationID, as this secret is used to link your account.
4. Check "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
5. Click Create Stack.
6. The stack will remain in a pending state for a while; this may take a few minutes.
7. Once the integration is complete, the status of the stack will be "CREATE_COMPLETE".
8. With the Strike integration in place, you will start receiving AWS metrics and events automatically. These metrics and events can help you identify potential security issues and proactively secure your infrastructure.
Manual
1. Open your web browser and go to the AWS Management Console.
2. Navigate to the Identity and Access Management (IAM) service.
3. In the IAM console, select "Roles" from the left-hand menu.
4. Click the "Create role" button at the top of the page.
5. In the "Select type of trusted entity" section, choose "Another AWS account" as the trusted entity.
6. Enter "287981551800" as the Account ID. Before continuing, check that all the highlighted points in the image are correct.
7. In the "Attach permissions policies" section, search for and select the following two policies:
arn:aws:iam::aws:policy/SecurityAudit
arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
8. Click the "Next: Review" button to review your role configuration.
9. Enter the role name.
10. Review your role settings, and click the "Create role" button to create the role.
11. That's it! You have successfully created a role in AWS with the policies "arn:aws:iam::aws:policy/SecurityAudit" and "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess" attached to it.
12. Now you can use this role name to integrate with Strike Cloud Security. Verify that the role name matches the one you just created and that the account number is that of the desired account.
13. Click Add account and wait for the next scan.
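Whether the role is created by the CloudFormation stack (CLI section above) or by hand (the manual steps above), the two things worth verifying afterwards are the trust policy and the attached policies: the role should be assumable only by the Strike account (287981551800) and only when the caller presents the agreed external ID, and it should carry exactly the two read-only managed policies named on this page. The script below is an added example, not Strike's template or code. The account ID and policy ARNs come from the page; the external ID is a constructed placeholder, and the role descriptions it audits are constructed samples shaped like the output of `aws iam get-role` and `aws iam list-attached-role-policies`, not real account data.

```python
"""Build and audit the cross-account trust for the Strike integration role.

Added example (not Strike's own code). Account ID and policy ARNs are from the
page; the external ID is a placeholder you must replace with the one Strike
supplies; the sample role data in main() is constructed for illustration.
"""
import json

STRIKE_ACCOUNT_ID = "287981551800"                 # from the page
REQUIRED_POLICY_ARNS = {                           # from the page
    "arn:aws:iam::aws:policy/SecurityAudit",
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
}
EXTERNAL_ID_PLACEHOLDER = "xxxxx-xxxxxx-xxxxxx"    # placeholder, not a real value


def build_trust_policy(external_id, trusted_account=STRIKE_ACCOUNT_ID):
    """Trust policy for the role: only the trusted account may assume it, and
    only when it presents the agreed external ID. The sts:ExternalId condition
    is the standard guard against the confused-deputy problem for roles that a
    third party assumes on your behalf."""
    if not external_id or external_id == EXTERNAL_ID_PLACEHOLDER:
        raise ValueError("use the real external ID supplied by Strike")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def _principals(stmt):
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS"))


def audit_role(role, attached_policy_arns, expected_external_id):
    """Return findings for a role (the 'Role' dict from get-role plus the ARNs
    from list-attached-role-policies). An empty list means the role matches the
    shape this page describes."""
    findings = []
    doc = role["AssumeRolePolicyDocument"]
    if isinstance(doc, str):          # accept the raw JSON string as well as a dict
        doc = json.loads(doc)
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:AssumeRole", "sts:*") for a in _as_list(stmt.get("Action"))):
            continue
        for principal in _principals(stmt):
            if principal != STRIKE_ACCOUNT_ID and f"::{STRIKE_ACCOUNT_ID}:" not in principal:
                findings.append(f"trust statement allows unexpected principal {principal}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != expected_external_id:
            findings.append("trust statement lacks the expected sts:ExternalId condition")
    attached = set(attached_policy_arns)
    for arn in sorted(REQUIRED_POLICY_ARNS - attached):
        findings.append(f"required policy not attached: {arn}")
    for arn in sorted(attached - REQUIRED_POLICY_ARNS):
        findings.append(f"unexpected policy attached (may exceed read-only access): {arn}")
    return findings


if __name__ == "__main__":
    # Constructed sample external ID for the demonstration only.
    external_id = "example-external-id-0001"
    # Print the trust policy; save it as trust-policy.json and pass it to
    #   aws iam create-role --assume-role-policy-document file://trust-policy.json
    print(json.dumps(build_trust_policy(external_id), indent=2))

    # Constructed sample: a role that trusts everyone, has no external ID, and
    # carries an extra administrative policy. Every one of these is a finding.
    over_broad = {"AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"},
    }}
    for finding in audit_role(over_broad,
                              ["arn:aws:iam::aws:policy/SecurityAudit",
                               "arn:aws:iam::aws:policy/AdministratorAccess"],
                              external_id):
        print("FINDING:", finding)
```

Run it as-is to see the generated trust policy and the findings for the over-broad sample; to audit a real role, feed `audit_role` the `Role` object from `aws iam get-role --role-name <name>` and the `PolicyArn` values from `aws iam list-attached-role-policies --role-name <name>`. The audit deliberately treats any extra attached policy as a finding, since the point of the role is read-only visibility for the integration.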