AWS integration enables you to protect your cloud infrastructure with Jit's extensive selection of security requirements.
To integrate Jit with an AWS account:
- From the Integrations Page, locate the AWS tile and select Connect.
- Select whether to integrate via an AWS account or an AWS organization and select Next.
- Enter your AWS account ID, account name, and regions, and select Next. If you are integrating with an AWS organization, enter the details of that organization's management account.
- Click the link Click here to integrate to create a read-only IAM role and establish a trust relationship between Jit and your AWS account. Your browser navigates to the AWS console in a new tab.
- Select the checkbox to acknowledge that AWS CloudFormation may create IAM resources with custom names.
- Select Create stack and return to the Jit platform. See the Permissions callout below for additional information on AWS permissions.
- Select Done.
This AWS account is now monitored. If you wish to integrate with additional AWS accounts, select Connect on the AWS tile and then select Add a new AWS account. Repeat the above steps.
The CloudFormation stack grants read-only permissions through an IAM role, which is sufficient for Jit to run security tests. Read-only permission is granted to the following AWS actions:
| Service | Read-only actions |
|---|---|
| cloudtrail | DescribeTrails, GetTrail, GetTrailStatus |
| s3 | GetLifecycleConfiguration, GetBucketPolicy, GetAccountPublicAccessBlock |
| access-analyzer | Get, List, ValidatePolicy |
| iam | ListRoles, ListUsers, GetAccountSummary, ListVirtualMfaDevices, ListMfaDevices, GenerateCredentialReport, GetPolicy, GetAccountAuthorizationDetails, GetCredentialReport, GenerateServiceLastAccessedDetails, GetServiceLastAccessedDetails, GetLoginProfile |
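As an added example (not Jit's code and not a description of the stack Jit deploys), the script below audits an IAM policy document after the stack is created: it compares every Allow action against the read-only list above and reports anything outside it. It reads the access-analyzer "Get" and "List" entries as the prefixes Get* and List*, which is an assumption, and the sample policy is constructed for the demo.

```python
"""Check that a role's policy grants nothing beyond the documented read-only actions."""
import fnmatch

# Allow-list copied from the table above. The access-analyzer Get/List entries are
# treated as prefix patterns here (assumption); every other entry is an exact name.
ALLOWED_ACTIONS = {
    "cloudtrail": ["DescribeTrails", "GetTrail", "GetTrailStatus"],
    "s3": ["GetLifecycleConfiguration", "GetBucketPolicy", "GetAccountPublicAccessBlock"],
    "access-analyzer": ["Get*", "List*", "ValidatePolicy"],
    "iam": ["ListRoles", "ListUsers", "GetAccountSummary", "ListVirtualMfaDevices",
            "ListMfaDevices", "GenerateCredentialReport", "GetPolicy",
            "GetAccountAuthorizationDetails", "GetCredentialReport",
            "GenerateServiceLastAccessedDetails", "GetServiceLastAccessedDetails",
            "GetLoginProfile"],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(action):
    """True if a granted action (possibly wildcarded) stays inside the allow-list."""
    if action.strip() == "*":
        return False
    service, _, name = action.partition(":")
    patterns = [p.lower() for p in ALLOWED_ACTIONS.get(service.lower(), [])]
    name = name.lower()  # IAM action names are case-insensitive
    if not patterns or not name:
        return False
    # A wildcard in the grant (e.g. iam:Get*) is only acceptable when the
    # allow-list carries that exact pattern; otherwise it over-grants.
    if "*" in name or "?" in name:
        return name in patterns
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)

def excess_actions(policy_document):
    """Return the Allow actions in a policy document that fall outside the allow-list."""
    excess = []
    for stmt in _as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # NotAction grants everything not listed: always excess
            excess.append("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
            continue
        excess.extend(a for a in _as_list(stmt.get("Action", [])) if not is_allowed(a))
    return excess

# Constructed sample: documented read-only grants plus two that over-reach.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": ["cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus", "s3:GetBucketPolicy", "access-analyzer:List*"]},
    {"Effect": "Allow", "Resource": "*", "Action": ["s3:PutBucketPolicy", "iam:Get*"]},
    {"Effect": "Deny", "Resource": "*", "Action": "iam:CreateUser"}]}

if __name__ == "__main__":
    print("actions outside the documented set:", excess_actions(SAMPLE_POLICY))
```

The same function can be run over the policy documents attached to the created role (for example, fetched with the AWS CLI) to confirm the stack did not drift beyond the documented set.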