{"id":48900,"date":"2023-09-27T14:37:08","date_gmt":"2023-09-27T12:37:08","guid":{"rendered":"https:\/\/cyberant.com\/user-settings-for-aws-security-audits\/"},"modified":"2023-11-09T11:22:23","modified_gmt":"2023-11-09T10:22:23","slug":"user-settings-for-aws-security-audits","status":"publish","type":"post","link":"https:\/\/cyberant.com\/en\/user-settings-for-aws-security-audits\/","title":{"rendered":"User settings for AWS security audits"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-ln1q3q8q-4c3381399a97c8f27c8b76a5740e8dad\">\n#top .av_textblock_section.av-ln1q3q8q-4c3381399a97c8f27c8b76a5740e8dad .avia_textblock{\nfont-size:40px;\n}\n<\/style>\n<section  class='av_textblock_section av-ln1q3q8q-4c3381399a97c8f27c8b76a5740e8dad '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h1>User settings for AWS security audits<\/h1>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-rlvxup-ae03d135fe9cb120829d3abe5cfd35cf\">\n#top .hr.hr-invisible.av-rlvxup-ae03d135fe9cb120829d3abe5cfd35cf{\nheight:30px;\n}\n<\/style>\n<div  class='hr av-rlvxup-ae03d135fe9cb120829d3abe5cfd35cf hr-invisible  avia-builder-el-1  el_after_av_textblock  el_before_av_textblock '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-ln1q6ixu-8aadb0d21cae8e959f6a95deee56e219\">\n#top .av_textblock_section.av-ln1q6ixu-8aadb0d21cae8e959f6a95deee56e219 .avia_textblock{\nfont-size:16px;\n}\n<\/style>\n<section  class='av_textblock_section av-ln1q6ixu-8aadb0d21cae8e959f6a95deee56e219 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Some of the security auditing on AWS environments takes 
place automatically. For this we need an API user with the right settings. The user we create has read-only privileges on the settings so we can review them. In this article, we explain how to configure this user.<\/p>\n<p>Create a user named &#8220;cyberant,&#8221; and give it the SecurityAudit policy. To do this, log in with an AWS admin account and go to the IAM console. Under &#8220;Access management&#8221;, open &#8220;Users&#8221; and click &#8220;Add users.&#8221;<\/p>\n<p><img decoding=\"async\" class=\"alignnone wp-image-49584 \" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-1030x494.png\" alt=\"SETTINGS USER FOR AWS SECURITY AUDITS\" width=\"649\" height=\"311\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-1030x494.png 1030w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-300x144.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-768x369.png 768w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-125x60.png 125w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-75x36.png 75w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-1536x737.png 1536w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-1500x720.png 1500w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1-705x338.png 705w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-1-1.png 1856w\" sizes=\"(max-width: 649px) 100vw, 649px\" \/><\/p>\n<p>For the username, enter &#8220;cyberant,&#8221; and select the &#8220;Programmatic access&#8221; option.<\/p>\n<p><img decoding=\"async\" class=\" wp-image-49582\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-1030x494.png\" alt=\"SETTINGS USER FOR AWS SECURITY AUDITS\" width=\"632\" height=\"303\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-1030x494.png 1030w, 
https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-300x144.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-768x369.png 768w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-125x60.png 125w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-75x36.png 75w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-1536x737.png 1536w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-1500x720.png 1500w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1-705x338.png 705w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-2-1.png 1781w\" sizes=\"(max-width: 632px) 100vw, 632px\" \/><\/p>\n<p>Click &#8220;Attach existing policies directly&#8221; and select the &#8220;SecurityAudit&#8221; policy.<\/p>\n<p>Unfortunately, not all the permissions we need are included in this policy, so we create an additional policy. Click on &#8220;Create policy&#8221; and then on JSON. 
Give it the following value:<\/p>\n<p><img decoding=\"async\" class=\" wp-image-49580\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-1030x478.png\" alt=\"SETTINGS USER FOR AWS SECURITY AUDITS\" width=\"614\" height=\"285\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-1030x478.png 1030w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-300x139.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-768x357.png 768w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-125x58.png 125w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-75x35.png 75w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-1536x713.png 1536w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-1500x697.png 1500w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1-705x327.png 705w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-3-1.png 1753w\" sizes=\"(max-width: 614px) 100vw, 614px\" \/><\/p>\n<p><code>{<br \/>\n\"Version\": \"2012-10-17\",<br \/>\n\"Statement\": [<br \/>\n{<br \/>\n\"Effect\": \"Allow\",<br \/>\n\"Action\": [<br \/>\n\"ses:DescribeActiveReceiptRuleSet\",<br \/>\n\"athena:GetWorkGroup\",<br \/>\n\"logs:DescribeLogGroups\",<br \/>\n\"logs:DescribeMetricFilters\",<br \/>\n\"elastictranscoder:ListPipelines\",<br \/>\n\"elasticfilesystem:DescribeFileSystems\",<br \/>\n\"servicequotas:ListServiceQuotas\"<br \/>\n],<br \/>\n\"Resource\": \"*\"<br \/>\n}<br \/>\n]<br \/>\n}<\/code><\/p>\n<p>Enter any tags (optional) and click review. 
Name the policy &#8220;SecurityAuditPlus&#8221; and save it.<br \/>\nReturn to the previous screen, click the refresh button, and add the new policy &#8220;SecurityAuditPlus.&#8221; Two policies should now be selected.<\/p>\n<p>Continue creating the user. On the review page, the following should be set:<\/p>\n<p><img decoding=\"async\" class=\" wp-image-49578\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-4-1.png\" alt=\"SETTINGS USER FOR AWS SECURITY AUDITS\" width=\"607\" height=\"349\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-4-1.png 1024w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-4-1-300x173.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-4-1-768x443.png 768w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-4-1-125x72.png 125w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-4-1-75x43.png 75w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/tut-aws-4-1-705x406.png 705w\" sizes=\"(max-width: 607px) 100vw, 607px\" \/><\/p>\n<p>Add the user. Ensure that the Access key ID and Secret access key are stored carefully and securely. 
These are needed during the audit.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-48898 size-medium\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/512px-Amazon_Web_Services_Logo.svg-300x180.png\" alt=\"\" width=\"300\" height=\"180\" srcset=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/512px-Amazon_Web_Services_Logo.svg-300x180.png 300w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/512px-Amazon_Web_Services_Logo.svg-125x75.png 125w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/512px-Amazon_Web_Services_Logo.svg-75x45.png 75w, https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/512px-Amazon_Web_Services_Logo.svg.png 512w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":48899,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[216,180],"tags":[279,193,194,280,281],"class_list":["post-48900","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge-base","category-product-information","tag-aws-en","tag-penetration-test-en","tag-pentest-en","tag-security-audits-en","tag-settings-aws"],"_links":{"self":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/48900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/comments?post=48900"}],"version-history":[{"count":0,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/48900\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media\/48899"}],"wp:attachment":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media?parent=48900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/categories?post=48900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/tags?post=48900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}