Integrating With AWS

Overview

AWS integration enables you to protect your cloud infrastructure with Jit's extensive selection of security requirements.

Steps for integrating with AWS

To integrate Jit with an AWS account—

  1. Sign in to your AWS account.

  2. From the Integrations Page, locate the AWS tile and select Connect.

  3. Select the AWS account tile and select Next.

  4. Select the region(s) containing the resources you wish to monitor from the dropdown and select Click here to integrate. The AWS Management Console opens.

  5. You are prompted to create a stack from Jit's template using CloudFormation (see the Permissions section below for what the template grants). Enter an AccountName and check the box to acknowledge that AWS CloudFormation might create IAM resources with custom names.

  6. Select Create stack. The stack creation process may take a few moments.

  7. Confirm successful integration by navigating back to the integrations page and selecting the Configure button on the AWS tile. Successful integration is indicated by a list item for the account. In the event of integration failure, see Troubleshooting AWS Integration.

To integrate Jit with an AWS organization—

  1. Sign in to the root account of your AWS organization.

  2. From the Integrations Page, locate the AWS tile and select Connect.

  3. Select the AWS organization tile and select Next.

  4. Select the region(s) containing the resources you wish to monitor from the dropdown and open the Click here to enable stack sets link in a new window or tab. The AWS Management Console opens. Select Enable trusted access and navigate back to the Jit platform tab.

  5. Select Click here to integrate.

  6. You are prompted to create a stack from Jit's template using CloudFormation (see the Permissions section below for what the template grants). Enter your OrganizationRootId and check the box to acknowledge that AWS CloudFormation might create IAM resources with custom names.

  7. Select Create stack. The stack creation process may take a few moments.

  8. Confirm successful integration by navigating back to the integrations page and selecting the Configure button on the AWS tile. Successful integration is indicated by a list item for your management account. In the event of integration failure, see Troubleshooting AWS Integration.

Permissions

The CloudFormation stack grants read-only permissions through an IAM role, which is sufficient for Jit to run security tests. Read-only permission is granted to the following AWS actions:

Service prefix       Actions
cloudtrail           DescribeTrails, GetTrail, GetTrailStatus
s3                   GetLifecycleConfiguration, GetBucketPolicy, GetAccountPublicAccessBlock
access-analyzer      Get, List, ValidatePolicy
iam                  ListRoles, ListUsers, GetAccountSummary, ListVirtualMfaDevices, ListMfaDevices, GenerateCredentialReport, GetPolicy, GetAccountAuthorizationDetails, GetCredentialReport, GenerateServiceLastAccessedDetails, GetServiceLastAccessedDetails, GetLoginProfile
ds                   ListAuthorizedApplications
ec2                  GetEbsEncryptionByDefault
ecr                  Describe
elasticfilesystem    DescribeBackupPolicy
glue                 GetSecurityConfiguration, SearchTables
lambda               GetFunction
shield               DescribeProtection, GetSubscriptionState
ssm                  GetDocument
support              Describe
tag                  GetTagKeys
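Because the stack is meant to grant read-only access only, it is worth checking the role's policy after creation (for example, the policy document fetched from IAM for the role the stack created) to confirm nothing broader slipped in. The following is an added example, not Jit's own code or template: it walks an IAM policy document and reports every Allow action whose verb is not one of the read-only families used in the table above. The policy document embedded in it is constructed for illustration and includes one deliberately over-broad action so the check has something to find.

```python
import json
import re

# Verbs AWS uses for read-only API calls (the families in Jit's table above).
# Anything else (Put, Create, Delete, Update, Attach, ...) can change state.
READ_ONLY_VERB = re.compile(r"^(Get|List|Describe|Generate|Search|Validate)")


def action_is_read_only(action: str) -> bool:
    """True if an IAM action string (e.g. 'iam:ListRoles', 'ecr:Describe*')
    names only read-only operations. Bare wildcards are never read-only."""
    service, sep, name = action.partition(":")
    if not sep or service == "*" or name in ("", "*"):
        return False
    return READ_ONLY_VERB.match(name) is not None


def non_read_only_actions(policy_document: dict) -> list:
    """Return every Allow action in a policy document that is not read-only.
    Deny statements are skipped; a NotAction statement is flagged outright
    because it allows everything except the listed actions."""
    findings = []
    statements = policy_document.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction statement (allows all unlisted actions)")
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.extend(a for a in actions if not action_is_read_only(a))
    return findings


# Constructed sample policy: the read-only actions plus one write action.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus",
                "iam:ListRoles", "iam:GenerateCredentialReport",
                "access-analyzer:ValidatePolicy", "ecr:Describe*",
                "support:Describe*", "tag:GetTagKeys"]},
    {"Effect": "Allow", "Action": "s3:PutBucketPolicy", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}""")

if __name__ == "__main__":
    print(non_read_only_actions(SAMPLE_POLICY))  # ['s3:PutBucketPolicy']
```

Replace SAMPLE_POLICY with the policy document attached to the role the stack created; an empty result means the role holds only read-only actions.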