Our AWS integration supports EC2 Elastic IP addresses or Amazon Route 53.
Any other will need to be added manually.
There are two methods for integrating with AWS, you can either:
Create an IAM role for Intruder
AWS help docs, should you need them.
Log into the AWS IAM console and go to 'Roles':
Now click on '
Create role':
For the next step you'll need Intruder's
AWS Account IDandExternal ID.
Log into the Intruder portal > Targets page > Cloud accounts >Add account>AWS:
Copy the
Account IDandExternal IDto a text document (or leave the Intruder portal open in a separate browser tab):
Now go back to the AWS - Create role screen:
Select 'AWS account' from the 'Trusted entity type' section.
Select 'Another AWS account' and enter Intruder's Account ID.
Tick the checkbox to 'Require external ID' and enter the value you copied from our portal into the field.
Finally, ensure the 'Require MFA' checkbox is not ticked and click 'Next'
Attach permission policies to the role (use the search box to find them):
The new role needs to be granted permissions using the following three policies
(โyou must enable all three, or the integration won't work):ย'IAMReadOnlyAccess' - Used to fetch the "account alias" of the AWS account
'AmazonEC2ReadOnlyAccess' - Used to fetch EC2 Elastic IP addresses
'AmazonRoute53ReadOnlyAccess' - Used to fetch Route 53 hostnames
Click on 'Next' > now give your role a name, for example 'intruder-integration' > click '
Create role':
It should now take you back to the Roles page > click on the role you just created to view its details:
Copy the '
Role ARN' and head back to the Cloud settings page of the Intruder portal.Paste the 'Role ARN' into the text box, click
Add accountand you're done! ๐ช
Add a new IAM user and enter the access keys
If you are connecting Intruder to your AWS account via access keys, we recommend creating a new user in your AWS account.
When creating a new user, please ensure that Programmatic access is checked.The new user will need to be granted permissions using the following AWS policies:
'IAMReadOnlyAccess' - Used to fetch the "account alias" of the AWS account
'AmazonEC2ReadOnlyAccess' - Used to fetch EC2 Elastic IP addresses
'AmazonRoute53ReadOnlyAccess' - Used to fetch Route 53 hostname
โYou must enable all three, or the integration won't work.โ
Accounts with the 'AdministratorAccess' policy could also be used, but we would advise against this.Once your new user account is ready you'll need to generate an access/secret key pair. AWS have a guide on how to do this, but here the main steps:
In the IAM console under Users, click on the new user's name
Select the Security credentials tab
Click Create access key in the Access keys section to create a key pair that consists of an Access key ID and Secret access key
Take a note of both keys as you will need to add them to our portal
Now head to the Cloud section of our settings page > paste the
Access key IDandSecret access keyinto the appropriate fields and click on theAdd accountbutton. Voila! ๐
If you have multiple AWS accounts, the process above can be repeated to add each account you want to protect.
The next thing you'll see is this modal ๐, for automated management of your cloud targets.
If that's not of interest and you'd like to manage them manually, skip the boxes and simply press Confirm setup and you'll see this:
Note: AWS integration is only available for customers on our Pro, Premium and Vanguard plans.