Kloudle is a Digital Assets Security Automation Platform for SREs and DevOps. When integrated with your Cloud or SaaS provider, Kloudle takes periodic security snapshots and provides complete security contextual visibility that allows you to make informed decisions about your infrastructure, the assets and their various configurations.
Kloudle collects metadata about your resources and analyzes it to identify misconfigurations. Using a massive research-powered knowledge base, it identifies what would go wrong if these misconfigurations were exploited and what you can do to fix them.
As part of making sure the lives of SREs and DevOps become easier, Kloudle offers the ability to create “rules” that allow a user to take automated actions against a baseline. These automated actions, which we call Security Processes, allow users to configure a series of steps that kick in when custom events occur to ensure the security of the cloud and SaaS platform being monitored.
What is this document about?
This document details the steps that are required to create an AWS user that will be onboarded to Kloudle so that Kloudle can make API requests to AWS.
AWS Onboarding for Kloudle
Through Console
Log in to the AWS account you want to onboard
Ensure you have permissions to create an IAM user and attach policies to the user
Navigate to IAM
Go to Users page
Click on Add users
Enter User Name as kloudle-user
Check Programmatic access for Access type. Console access is not required to perform visibility checks.
Click on Next
Choose Attach existing policies directly and filter for ReadOnlyAccess. Two policies must be attached: ReadOnlyAccess and IAMAccessAnalyzerReadOnlyAccess
On the next page, add the tags createdby and createdfor
Click on Review and then Create user
Download the CSV file containing the user credentials and share it with the Kloudle team over a secure channel
Through CLI
Ensure you have your CLI credentials to access the AWS account you want to onboard
Ensure you have permissions to create an IAM user and attach policies to the user
Run the command below to create the user kloudle-user:
aws iam create-user --user-name kloudle-user --tags Key=createdfor,Value=kloudle
Then create an access key for the user:
aws iam create-access-key --user-name kloudle-user
Note down the Access Key ID and Secret Access Key for the user
Now we can attach the required policies ReadOnlyAccess and IAMAccessAnalyzerReadOnlyAccess to the user
aws iam attach-user-policy --user-name kloudle-user --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
aws iam attach-user-policy --user-name kloudle-user --policy-arn arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess
We can verify that the permissions are attached to the user by running list-attached-user-policies
aws iam list-attached-user-policies --user-name kloudle-user
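One way to check the output of the verification step above, as an added example (not part of the original post or Kloudle's tooling): the script compares the JSON printed by list-attached-user-policies against the two policies this page attaches, and flags anything missing or extra. The function names, the sample JSON and the expectation of exactly one active access key are assumptions made for illustration.

```python
import json

# Managed policy ARNs taken from the attach-user-policy commands above.
REQUIRED = {
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess",
}

def audit_attached_policies(cli_json: str) -> dict:
    """Compare `aws iam list-attached-user-policies` output with REQUIRED."""
    doc = json.loads(cli_json)
    if doc.get("IsTruncated"):
        raise ValueError("truncated listing: fetch all pages before auditing")
    attached = {p["PolicyArn"] for p in doc.get("AttachedPolicies", [])}
    return {
        "ok": attached == REQUIRED,
        "missing": sorted(REQUIRED - attached),      # onboarding incomplete
        "unexpected": sorted(attached - REQUIRED),   # more access than intended
    }

def audit_access_keys(cli_json: str) -> dict:
    """Check `aws iam list-access-keys` output; assumes one active key is expected."""
    keys = json.loads(cli_json).get("AccessKeyMetadata", [])
    active = [k["AccessKeyId"] for k in keys if k.get("Status") == "Active"]
    return {"ok": len(active) == 1, "active": active}

# Constructed sample outputs (not captured from a real account).
SAMPLE_POLICIES_OK = json.dumps({"IsTruncated": False, "AttachedPolicies": [
    {"PolicyName": "ReadOnlyAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
    {"PolicyName": "IAMAccessAnalyzerReadOnlyAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess"},
]})
SAMPLE_POLICIES_DRIFT = json.dumps({"IsTruncated": False, "AttachedPolicies": [
    {"PolicyName": "ReadOnlyAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
]})
SAMPLE_KEYS = json.dumps({"AccessKeyMetadata": [
    {"UserName": "kloudle-user", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
     "Status": "Active"},
]})

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_POLICIES_OK), ("drift", SAMPLE_POLICIES_DRIFT)]:
        print(name, audit_attached_policies(sample))
    print("keys", audit_access_keys(SAMPLE_KEYS))
```

To audit a real account, pass each function the JSON printed by the corresponding aws iam command for kloudle-user instead of the constructed samples.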
***
If you wish to onboard a GCP account to Kloudle, this document details the steps that are required to create a Google Cloud service account token to be onboarded to Kloudle so that Kloudle can make API requests to Google Cloud.
ABOUT THE AUTHOR
Riyaz Walikar
Riyaz is a security evangelist, offensive security expert and researcher with over a decade of experience in the cyber security industry. His passion to break into some of the most well defended networks and systems in his career spanning 15 years has earned him a lot of respect within the security industry. He has led Security Assessment and Penetration Testing teams at Pricewaterhouse Coopers (PwC) and Appsecco, and the Product Security Team at Citrix before co-founding Kloudle. Riyaz now specializes in cloud native, container and cloud security in general, helping build an easy to use security management platform to help companies enhance their visibility in the cloud, identify security misconfigurations and automate remediation for security gaps, enabling compliance and operational security in multi-cloud environments. He is also an avid speaker and trainer and presents his research and findings at security conferences and community meetups around the world including BlackHat USA, BH Europe, BH Asia, nullcon and OWASP AppsecUSA. Specialties: Cloud (AWS, GCP, Azure, IBM, Others) Security, Cloud-Native Security, Kubernetes, Container Security, Web Application Security, Network and System Penetration Testing, Wireless Network Security, Malware Analysis and Reverse Engineering, Threat Modelling, Windows Forensics, Security Code Review, Vulnerability Research, Exploit Development and Reverse Engineering. Certifications: CKA, CKAD, OSCP