Settings audit user for AWS

Part of the security audit on AWS environments takes place automatically. For this we need an API user with the correct settings. The user we’ll create only has read access to the settings so that we can review them. In this article we explain how to configure this user.

Create a user called “cyberant”, and give it the SecurityAudit policy. You do this by logging in with an AWS admin account and going to the IAM console. Then under “Access management” there is the button “users”. Then click on “Add users”.

Enter “cyberant” for the username and click on the “Programmatic access” function.

Click on “Attach existing policies directly” and select the “SecurityAudit” policy.

Unfortunately, not all permissions we need are included in this policy, for this reason we are creating a new policy. Click on “Create policy” and then on JSON. Give it the following value:


{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:DescribeActiveReceiptRuleSet",
"athena:GetWorkGroup",
"logs:DescribeLogGroups",
"logs:DescribeMetricFilters",
"elastictranscoder:ListPipelines",
"elasticfilesystem:DescribeFileSystems",
"servicequotas:ListServiceQuotas"
],
"Resource": "*"
}
]
}

Supply any useful tags (optional) and click on review. Name the policy “SecurityAuditPlus” and save it.
Go back to the previous screen, click the refresh button, and add the new policy “SecurityAuditPlus”. You should now have two policies selected.

Proceed with creating the user, the review page should have the following set:

Add the user. Make sure that the Access key ID and the Secret access key are stored carefully and securely. These are needed during the audit.

More information about our solutions

Do you want to make sure that your websites, apps or systems are free from vulnerabilities? Our experts are happy to work for you. For more information about our pentests or other services, please feel free to contact us via the contact form below. We are happy to tell you what we can do for you.

    Contact

    Randstad 22 147
    1316BM Almere

    info@cyberant.nl
    +31 (0)85 047 1590