Part of the security audit of AWS environments runs automatically. For this we need an API user with the correct permissions. The user we’ll create only has read access to the account’s configuration so that we can review it. In this article we explain how to configure this user.
Create a user called “cyberant” and give it the SecurityAudit policy. To do this, log in with an AWS admin account and open the IAM console. Under “Access management”, choose “Users”, then click on “Add users”.
Enter “cyberant” as the user name and select the “Programmatic access” option.
Click on “Attach existing policies directly” and select the “SecurityAudit” policy.
Unfortunately, not all the permissions we need are included in this policy, so we create an additional policy. Click on “Create policy” and then on the JSON tab. Give it the following value:
Supply any useful tags (optional) and click on “Review”. Name the policy “SecurityAuditPlus” and save it.
Go back to the previous screen, click the refresh button, and add the new policy “SecurityAuditPlus”. You should now have two policies selected.
Proceed with creating the user; the review page should show the following:
Add the user. Make sure that the Access key ID and the Secret access key are stored carefully and securely. These are needed during the audit.
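The same steps can be scripted with the AWS CLI, which is handy when the audit user has to be created in several accounts. The script below is an added example and is not part of the original article or of Cyberant's tooling. It assumes the AWS CLI v2 is installed and already authenticated as an administrator, that the SecurityAuditPlus JSON document from the console step has been saved locally as `SecurityAuditPlus.json` (name chosen for this example), and that the script is started with a `run` argument. The function names and the access-key file name are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example: create the read-only audit user from the CLI instead of the console.
# Assumptions (not from the original article): AWS CLI v2 is installed and
# authenticated as an administrator, and the custom policy document from the
# article has been saved as SecurityAuditPlus.json in the current directory.
set -eu

USER_NAME="cyberant"
MANAGED_POLICY_ARN="arn:aws:iam::aws:policy/SecurityAudit"
CUSTOM_POLICY_NAME="SecurityAuditPlus"
CUSTOM_POLICY_FILE="${CUSTOM_POLICY_FILE:-SecurityAuditPlus.json}"

create_audit_user() {
  local account_id custom_policy_arn
  account_id=$(aws sts get-caller-identity --query Account --output text)
  custom_policy_arn="arn:aws:iam::${account_id}:policy/${CUSTOM_POLICY_NAME}"

  # 1. Create the user. The console's "Programmatic access" tick box just means
  #    "no console password"; create-user never creates one, so nothing to disable.
  aws iam create-user --user-name "$USER_NAME" >/dev/null

  # 2. Attach the AWS-managed SecurityAudit policy.
  aws iam attach-user-policy --user-name "$USER_NAME" --policy-arn "$MANAGED_POLICY_ARN"

  # 3. Create the customer-managed SecurityAuditPlus policy from the JSON
  #    document saved from the console step, then attach it as well.
  aws iam create-policy --policy-name "$CUSTOM_POLICY_NAME" \
      --policy-document "file://${CUSTOM_POLICY_FILE}" >/dev/null
  aws iam attach-user-policy --user-name "$USER_NAME" --policy-arn "$custom_policy_arn"

  # 4. Create the access key. The secret is returned exactly once, so write it
  #    to a file readable only by the current user instead of echoing it.
  umask 077
  aws iam create-access-key --user-name "$USER_NAME" \
      --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text \
      > "${USER_NAME}.accesskey"
  echo "Access key written to ${USER_NAME}.accesskey (mode 0600)"
}

# Returns 0 when exactly the two expected policies are attached, so the
# result matches what the console's review page should show.
verify_attached_policies() {
  local attached
  attached=$(aws iam list-attached-user-policies --user-name "$USER_NAME" \
      --query 'AttachedPolicies[].PolicyName' --output text \
      | tr '\t' '\n' | sort | tr '\n' ' ')
  [ "$attached" = "SecurityAudit SecurityAuditPlus " ]
}

if [ "${1:-}" = "run" ]; then
  create_audit_user
  verify_attached_policies && echo "Both policies attached."
fi
```

Run it as `./create-audit-user.sh run`. The `verify_attached_policies` check is worth keeping in any automation: a user that silently ends up with only one of the two policies will make the automated part of the audit fail with access-denied errors rather than with a clear message.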