You can manually connect your AWS account to the KirkpatrickPrice scanning tool by creating a role and assigning the Security Audit policy yourself.
Create a new role
First you will need to create a new role for our scanning tool to use when performing a scan.
- Log in to the AWS console and navigate to the IAM service. Click on “Roles”, and then click on “Create role”.
- Under “Select type of trusted entity”, select “Another AWS account”.
- Enter 903530111935 in the Account ID field. This is the KP20-Dev Account ID. Doing this will allow the scanner account to assume this role in your account.
- Click the “Require external ID” checkbox and enter a value into the field. The scanning tool will be required to provide this value when assuming your role.
- Click “Next: Permissions” at the bottom of the page.
Attach the SecurityAudit policy
To allow the scanning tool to have read-only access to perform a scan, you will need to attach the SecurityAudit policy to your new role.
- In the Search field, type “SecurityAudit”.
- Select the checkbox next to the "SecurityAudit" policy and click “Next: tags” at the bottom of the page.
- If you want to add any tags to your new role, you can do that from here. After you have added tags, click “Next: Review” at the bottom of the page.
- Now you will need to give your role a name. Enter a name for your role in the “Role name” field and an optional description in the “Role description” field. Click “Create role”.
- Find the role in the list of roles and copy the role ARN value.
- Navigate back to the scanning tool site and enter the role ARN and external ID for your new role to connect your account.
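The same role can be created from the AWS CLI instead of the console. The script below is an added example, not KirkpatrickPrice's own tooling: it builds the trust policy that the console generates when you choose “Another AWS account” and tick “Require external ID”, attaches the AWS-managed SecurityAudit policy, and prints the role ARN to paste into the scanning tool. It assumes AWS CLI v2 configured with credentials that can create IAM roles; the role name and the external ID are placeholders you replace. The external ID is what stops another customer of the scanner from pointing it at your account, so treat it like a secret and use a random value rather than a guessable word.

```shell
#!/bin/sh
# Added example: create the KirkpatrickPrice scanner role with the AWS CLI.
# Assumes: AWS CLI v2 on PATH, credentials with iam:CreateRole / iam:AttachRolePolicy.

SCANNER_ACCOUNT_ID="903530111935"                      # KP20-Dev account ID from the instructions
ROLE_NAME="${ROLE_NAME:-kp-security-audit-scan}"       # assumed role name; pick your own
EXTERNAL_ID="${EXTERNAL_ID:-replace-with-a-random-secret}"   # placeholder; must be replaced

# Trust policy: only the scanner account may assume the role, and only when it
# presents the agreed external ID (the console's "Require external ID" checkbox).
# $1 = trusted account ID, $2 = external ID.
trust_policy() {
  printf '%s' "{
  \"Version\": \"2012-10-17\",
  \"Statement\": [{
    \"Effect\": \"Allow\",
    \"Principal\": { \"AWS\": \"arn:aws:iam::$1:root\" },
    \"Action\": \"sts:AssumeRole\",
    \"Condition\": { \"StringEquals\": { \"sts:ExternalId\": \"$2\" } }
  }]
}"
}

# Refuse to create the role with an empty or placeholder external ID.
# STS accepts external IDs of 2 to 1224 characters.
external_id_ok() {
  case "$1" in
    ""|replace-with-a-random-secret) return 1 ;;
  esac
  [ "${#1}" -ge 2 ] && [ "${#1}" -le 1224 ]
}

create_scanner_role() {
  external_id_ok "$EXTERNAL_ID" || { echo "set EXTERNAL_ID to a real secret value" >&2; return 1; }

  # Step 1: the role with the cross-account trust policy
  aws iam create-role \
    --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy "$SCANNER_ACCOUNT_ID" "$EXTERNAL_ID")" \
    --description "Read-only role for the KirkpatrickPrice scanning tool" >/dev/null

  # Step 2: read-only permissions via the AWS-managed SecurityAudit policy
  aws iam attach-role-policy \
    --role-name "$ROLE_NAME" \
    --policy-arn "arn:aws:iam::aws:policy/SecurityAudit"

  # Step 3: print the role ARN to enter in the scanning tool together with the external ID
  aws iam get-role --role-name "$ROLE_NAME" --query "Role.Arn" --output text
}

# Only call AWS when explicitly asked, so the helper functions can be sourced and checked offline.
if [ "${RUN_AWS:-0}" = "1" ]; then
  create_scanner_role
fi
```

Run it as `EXTERNAL_ID='<your secret>' RUN_AWS=1 sh create-scanner-role.sh`; the printed ARN and the external ID are the two values the scanning tool site asks for. After creation, `aws iam get-role --role-name <name> --query Role.AssumeRolePolicyDocument` lets you confirm that the trust policy names only the 903530111935 account and carries the `sts:ExternalId` condition.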