Keeping track of cloud targets you want to monitor for vulnerabilities can be a bit of a pain – new instances are constantly being spun up in AWS, others are being closed down – it could easily become a full-time job!

That's why we've created an AWS integration - add your EC2 Elastic IP addresses or Amazon Route 53 hostnames as Intruder targets directly from our portal! 🎉

Connect AWS to your Intruder Account

You can connect your Intruder Account in two ways:

  1. Creating an IAM role for Intruder to assume (AWS AssumeRole functionality)

  2. Adding a new IAM user and entering its access keys.

Create an IAM role for Intruder

To get started, you'll need to log into the AWS IAM console and go to 'Roles':

Now click on 'Create role':

For the next step you'll need Intruder's AWS Account ID and an External ID, so please log into the Intruder portal and head to the Cloud section of our settings page:

Copy the Account ID and External ID to a text document (or leave the Intruder portal open in a separate browser tab).

Now go back to the AWS 'Create role' screen, select 'Another AWS account' and enter Intruder's Account ID. Tick the 'Require external ID' checkbox and enter the value you copied from our portal. The External ID is what stops anyone else who knows Intruder's Account ID (for example another Intruder customer) from getting Intruder to assume your role on their behalf, so don't skip it or reuse it for another service. Leave the 'Require MFA' checkbox unticked, since Intruder's service assumes the role programmatically and cannot present an MFA code, then click 'Next: Permissions'.

Now attach permission policies to the role:

The new role needs to be granted permissions using the following three AWS managed policies (❗you must attach all three, or the integration won't work). They are read-only, but each grants read access across the whole service rather than just the single call it is used for, so attach them only to this dedicated role:

'IAMReadOnlyAccess' - Used to fetch the "account alias" of the AWS account
'AmazonEC2ReadOnlyAccess' - Used to fetch EC2 Elastic IP addresses
'AmazonRoute53ReadOnlyAccess' - Used to fetch Route 53 hostnames

Click on 'Next: Tags'. On the next page you can add tags to the role but that is optional. Once you're done, click 'Next: Review'.

Now give your role a name, for example 'intruder-integration' and click 'Create role':

It should now take you back to the Roles page:

Now click on the role you just created to view its details:

Copy the 'Role ARN' and head back to the Cloud settings page of the Intruder portal. Paste the 'Role ARN' into the text box, click Add AWS account and you're done! 💪
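The console steps above produce a role trust policy behind the scenes. The following is an added example (not Intruder's code and not part of the original article) that builds the equivalent trust policy document and then audits a trust policy the way you would want to check it before handing the Role ARN to any third party: exactly one external account is trusted, sts:ExternalId is enforced, there is no wildcard principal and no MFA condition that would break the AssumeRole call. It also lists which of the three required managed policies are still missing from a role. The account ID and External ID values are constructed placeholders; use the real ones from the Cloud settings page.

```python
import json

# Constructed placeholder values: NOT Intruder's real Account ID and NOT an
# External ID issued by the portal. Substitute the values shown on the
# Cloud settings page.
INTRUDER_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "a1b2c3d4-example-external-id"

# The three AWS managed policies the walkthrough says the role must carry.
REQUIRED_MANAGED_POLICIES = (
    "arn:aws:iam::aws:policy/IAMReadOnlyAccess",
    "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
    "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess",
)


def build_trust_policy(account_id: str, external_id: str) -> dict:
    """Trust policy equivalent to the console choices in the walkthrough:
    'Another AWS account' + 'Require external ID', MFA not required."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def audit_trust_policy(policy: dict, account_id: str, external_id: str) -> list:
    """Return a list of problems; an empty list means the trust policy only
    lets the expected account assume the role, and only with the External ID."""
    problems = []
    # AWS accepts either the bare account ID or its root ARN as the principal.
    expected = {f"arn:aws:iam::{account_id}:root", account_id}
    assume_statements = 0
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        assume_statements += 1
        principal = stmt.get("Principal", {})
        if principal == "*":
            principals = ["*"]
        elif isinstance(principal, dict):
            aws = principal.get("AWS", [])
            principals = [aws] if isinstance(aws, str) else list(aws)
        else:
            principals = []
        for p in principals:
            if p == "*":
                problems.append(f"statement {i}: wildcard principal lets any AWS account assume the role")
            elif p not in expected:
                problems.append(f"statement {i}: unexpected principal {p}")
        cond = stmt.get("Condition", {})
        ext = cond.get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            problems.append(f"statement {i}: no sts:ExternalId condition (confused-deputy risk)")
        elif ext != external_id:
            problems.append(f"statement {i}: sts:ExternalId does not match the portal value")
        if "aws:MultiFactorAuthPresent" in json.dumps(cond):
            problems.append(f"statement {i}: MFA condition would block Intruder's AssumeRole call")
    if assume_statements == 0:
        problems.append("no Allow statement grants sts:AssumeRole to Intruder's account")
    return problems


def missing_managed_policies(attached_policy_arns) -> list:
    """Which of the three required managed policies are not yet attached."""
    attached = set(attached_policy_arns)
    return [p for p in REQUIRED_MANAGED_POLICIES if p not in attached]


if __name__ == "__main__":
    policy = build_trust_policy(INTRUDER_ACCOUNT_ID, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))          # paste-ready trust policy
    print("problems:", audit_trust_policy(policy, INTRUDER_ACCOUNT_ID, EXTERNAL_ID))
    print("missing:", missing_managed_policies(["arn:aws:iam::aws:policy/IAMReadOnlyAccess"]))
```

Run it against the trust policy you see on the role's 'Trust relationships' tab (paste the JSON into `audit_trust_policy`); anything it reports, in particular a missing `sts:ExternalId` condition, is worth fixing before you add the Role ARN to the portal.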

Add a new IAM user and enter the access keys

If you are connecting Intruder to your AWS account via access keys, we recommend creating a new, dedicated IAM user that is used for nothing else and has no console password. When creating the user, please ensure that Programmatic access is checked.

The new user will need to be granted permissions using the following AWS policies (❗you must enable all three, or the integration won't work):

'IAMReadOnlyAccess' - Used to fetch the "account alias" of the AWS account
'AmazonEC2ReadOnlyAccess' - Used to fetch EC2 Elastic IP addresses
'AmazonRoute53ReadOnlyAccess' - Used to fetch Route 53 hostnames

A user with the 'AdministratorAccess' policy would also work, but we advise against it: if the keys were ever leaked they would give full control of your AWS account rather than read-only access to the three services above.

Once your new user account is ready you'll need to generate an access/secret key pair. AWS has a guide on how to do this; here are the main steps:

  1. In the IAM console under Users, click on the new user's name

  2. Select the Security credentials tab

  3. Click Create access key in the Access keys section to create a key pair consisting of an Access key ID and a Secret access key

  4. Take a note of both keys as you will need to add them to our portal. AWS shows the Secret access key only once, at creation time; if you lose it, delete that key and create a new one.

Now head to the Cloud section of our settings page:

Paste the Access key ID and Secret access key into the appropriate fields and click on the Add AWS account button. Voila! 🎉 

If you have multiple AWS accounts, the process above can be repeated to add each account you want to protect.


Adding targets

Automate it with CloudBot

CloudBot keeps a constant watch on your AWS account and will automatically add any new external IP addresses or hostnames as Intruder targets – once you've connected the account, just keep an eye out for the popup asking if you want to activate CloudBot.

Manage it manually

Once you've added your AWS account, just click on the cloud account to see the Elastic IPs and Route 53 hostnames.

To add targets for continuous monitoring, simply click the green + button.

That's it!

Import cloud tags

You also have the option to sync your cloud tags once the targets have been imported. To do this:

  • Go to your targets page

  • Click the cloud account

  • Click settings

  • Toggle 'Auto sync tags' to on



Note: AWS integration is only available for customers on our Pro and Verified plans.
