Integrating With AWS

Overview

AWS integration enables you to protect your cloud infrastructure with Jit's extensive selection of security requirements.

Steps for integrating with AWS

To integrate Jit with an AWS account—

  1. From the Integrations Page, locate the AWS tile and select Connect.
  2. Select whether to integrate via an AWS account or an AWS organization and select Next.
  3. Enter your AWS account ID, account name, and regions-- and select Next. If you are integrating with an AWS organization, enter the details of that organization's management account.
  4. Click the link Click here to integrate to create a read-only IAM role and establish a trust relationship between Jit and your AWS account. Your browser navigates to the AWS console in a new tab.
  5. Select the checkbox to acknowledge that AWS CloudFormation may create IAM resources with custom names.
  6. Select Create stack and return to the Jit platform. See the Permissions callout below for additional information on AWS permissions.
  7. Select Done.

👍

Success!

This AWS account is now monitored. If you wish to integrate with additional AWS accounts, select Connect on the AWS tile and then select Add a new AWS account. Repeat the above steps.

Permissions

The CloudFormation stack grants read-only permissions through an IAM role, which is sufficient for Jit to run security tests. Read-only permission is granted to the following AWS actions:

ReferenceActions
cloudtrailDescribeTrails, GetTrail, GetTrailStatus
s3GetLifecycleConfiguration, GetBucketPolicy, GetAccountPublicAccessBlock
access-analyzerGet, List, ValidatePolicy
iamListRoles, ListUsers, GetAccountSummary, ListVirtualMfaDevices ListMfaDevices, GenerateCredentialReport, GetPolicy, GetAccountAuthorizationDetails, GetCredentialReport, GenerateServiceLastAccessedDetails, GetServiceLastAccessedDetails, GetLoginProfile
dsListAuthorizedApplications
ec2GetEbsEncryptionByDefault
ecrDescribe
elasticfilesystemDescribeBackupPolicy
glueGetSecurityConfiguration, SearchTables
lambdaGetFunction
shieldDescribeProtection, GetSubscriptionState
ssmGetDocument
supportDescribe
tagGetTagKeys

Did this page help you?