Overview
Intruder's integration with AWS enables automated cloud security scans to identify vulnerabilities and misconfigurations within your AWS environment.
This guide provides step-by-step instructions to configure the integration using an AWS CloudFormation template, ensuring Intruder has the necessary permissions to perform these scans.
Setting Up Cloud Security Scans on Your AWS Account using a CloudFormation Template
Step 1: Initiate AWS Account Integration in Intruder
Log in to your Intruder portal.
Click on the Targets tab.
Click Add target > Cloud asset sync > AWS > Add account.
In the modal that appears, click on the Download CloudFormation template button, and save the file to your local machine.
Step 2: Create an AWS Role Using the CloudFormation Template
Log in to the AWS Management Console.
In AWS, search for Stacks and select the CloudFormation feature.
Click Create Stack.
Under the 'Specify Template' option, select 'Upload template file', upload the CloudFormation template file downloaded in Step 1, and follow the on-screen instructions.
Provide a stack name and click Next.
Select the checkbox under the Capabilities section (this acknowledges that the stack creates IAM resources).
Review the setup, and click Submit.
In the next step, wait until the stack has been created (the status shown below indicates completion). If it is not yet finished, click refresh until it is done.
Once the stack creation is complete, navigate to the Outputs tab and copy the Role ARN from the Value column.
Step 3: Retrieve and Input the Role ARN in Intruder
Go back to the Intruder portal.
Paste the copied Role ARN into the Role ARN field.
Click Add asset, configure the scan settings, including the 'Run Cloud Security scans' option, and click 'Confirm Setup'.
If you selected the 'Add Cloud assets as targets' option, you will also need to confirm the setup you would like for this in the next step.
Scans are now enabled! The first scan should kick off right away, and a new scan will be run once a day. We create a target that represents the cloud account, and you get redirected to its details page. Here, you can manage scan settings via the Settings tab:
Alternative Integration Methods
If you prefer not to use the CloudFormation template, you can manually create an IAM role and attach the following AWS-managed policies:
ReadOnlyAccess
SecurityAudit
AmazonBedrockReadOnly
We have outlined the instructions required to set up the correct permissions for your IAM Role in the video below:
Alternatively, you can integrate using AWS access keys with equivalent permissions. If you choose this option, make sure the access keys carry permissions equivalent to the three managed policies listed above.
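The manual role setup above, and the missing-permissions check described under Managing and Monitoring Scans, as an added AWS CLI script that is not Intruder's own code: it creates the role, attaches the three managed policies, prints the Role ARN for Step 3, and reports any required policy that is not attached. INTRUDER_ACCOUNT_ID and EXTERNAL_ID are placeholders, and whether Intruder uses an external ID is an assumption; take the real trust relationship from the CloudFormation template downloaded in Step 1.

```shell
#!/bin/sh
# Placeholders (assumed): take the real values from the template in Step 1.
ROLE_NAME="${ROLE_NAME:-IntruderCloudScan}"
INTRUDER_ACCOUNT_ID="${INTRUDER_ACCOUNT_ID:-111111111111}"   # placeholder
EXTERNAL_ID="${EXTERNAL_ID:-replace-with-external-id}"       # placeholder
# The three AWS-managed policies listed above, one ARN per line.
required_policy_arns() {
  printf '%s\n' \
    arn:aws:iam::aws:policy/ReadOnlyAccess \
    arn:aws:iam::aws:policy/SecurityAudit \
    arn:aws:iam::aws:policy/AmazonBedrockReadOnly
}

# Trust policy: only the scanner's account may assume the role, and only when
# it presents the agreed external ID (confused-deputy protection).
trust_policy_json() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"AWS":"arn:aws:iam::${INTRUDER_ACCOUNT_ID}:root"},
 "Action":"sts:AssumeRole",
 "Condition":{"StringEquals":{"sts:ExternalId":"${EXTERNAL_ID}"}}}]}
EOF
}

# Print each required ARN that is absent from the attached ARNs given as args.
missing_policies() {
  for want in $(required_policy_arns); do
    found=0
    for have in "$@"; do [ "$have" = "$want" ] && found=1; done
    [ "$found" -eq 1 ] || echo "$want"
  done
}

create_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy_json)" >/dev/null
  for arn in $(required_policy_arns); do
    aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$arn"
  done
  # Paste this value into the Role ARN field in Intruder (Step 3).
  aws iam get-role --role-name "$ROLE_NAME" --query Role.Arn --output text
}

# Same check the portal makes when it reports missing permissions.
check_role() {
  attached=$(aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
    --query 'AttachedPolicies[].PolicyArn' --output text)
  missing_policies $attached
}
case "${1:-}" in create) create_role ;; check) check_role ;; esac
```

Run with `create` to build the role and print its ARN, or `check` against an existing role name to list any of the three policies that are missing.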
Managing and Monitoring Scans
Scans will run automatically once per day.
You will be able to view scan results on the Scans page.
If during a scan we detect that the integration is missing permissions we need for scanning, you'll see an error like the one below. The scans will still run, but one or more checks won't complete successfully and some issues may not be found.
If we are unable to scan the account at all due to the credentials being invalid, you will see the following:
You can also see and manage the same settings in the Cloud asset details page, which you can access via the Discovery tab on the Targets page:
Plan Limits
Users on the Pro plan can enable scans on up to three cloud accounts simultaneously.
To scan additional accounts, disable scans on your existing cloud accounts as needed.
Premium Feature: AWS Organizations Integration
Users on the Premium Plan can add and scan as many cloud accounts as needed.
If you are on the Premium plan, you will have the option to import your AWS Organization (instead of having to import each individual account). The setup process will create the necessary roles and permissions automatically.
Existing Users with an AWS Organization integration should download the latest templates to ensure correct permissions.
Options to enable or disable the Cloud Security Scans for each imported account will be shown on the Discovery Tab, as per the screenshot below:
Future Support for Other Cloud Providers
Currently, Intruder supports cloud security scans for AWS. Integration with additional cloud providers is planned for future updates to this feature.