Near Real Time Configuration Audit for AWS Manual Setup
Skyhigh CASB provides Near Real Time (NRT) Configuration Audit for AWS, which significantly reduces the time to find new configuration violations in AWS. Generally, NRT Configuration Audit is an automated process. You must provide the required permissions to the Skyhigh CASB to configure an automated NRT setup. For details, see Near Real-Time Configuration Audit. But if you do not want to provide permissions to Skyhigh CASB, you can use a manual configuration.
Prerequisites
Before you begin, make sure the following prerequisites are met:
- If you have more than one AWS account, use the AWS console to add publishers' account IDs in the receiver's default event bus as permissions.
- If you have more than 50 publisher accounts, add the organization ID to the event bus.
NRT Configuration Audit Manual Setup
Perform the following activities to manually set up NRT Configuration Audit:
- Login to Skyhigh CASB and go to Settings > Service Management.
- To edit your AWS instance, select Amazon Web Services and click Setup > Edit.
- You are redirected to the Summary page. Under Enabled Feature, click Edit.
- To enable NRT, select the checkbox Real-Time Configuration Audit Monitoring and click Next.
- Review the pre-requisites and click Next.
- Add a new account or authenticate the existing accounts and proceed to the Real-Time Monitoring page.
- To setup NRT on the selected account, select Accounts, Regions, and Receiver Account.
- If you have more than 50 accounts, enter Org ID.
- To download the NRT ZIP folder containing CloudFormation Template(CFT), select Download CloudFormation Templates for manual setup. The downloaded NRT ZIP folder contains the following files:
- publisher-parameters-3315513031739650576.csv: File containing parameters and values required for a publisher account
- publisher-template-3038627398339114747.json: CFT to set up publisher accounts
- receiver-parameters-4977416902024977060.csv: File containing parameters and values for the receiver account
- receiver-template-5733485186941095991.json: CFT to set up the receiver account
- Click through the rest of the wizard until you reach the Summary page. Now, you can view the Real-Time configuration status as Manual setup in progress and then click Save.
- Go to the AWS console and run the corresponding CloudFormation Templates for receiver and publisher accounts provided in the NRT ZIP folder.
NOTE: Run the CFTs for Receiver Account first and then the Publisher Account. For the permissions required to run CFTs, see Receiver and Publisher AWS Account.
- To enter the parameter value, use the publisher-parameters-3315513031739650576.csv file extracted from the NRT zip folder.
NOTE:
- To create Stacksets, provide any name to the role. There is no constraint on the naming convention of the role names. For example: AWSCloudFormationStackSetAdministrationRole and AWSCloudFormationStackSetExecutionRole.
- If Org ID is used in manual NRT setup to grant event bus permission, then assign the following list of additional permission to the role to be used in Stackset execution on the publisher account:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:PassRole",
"iam:DeleteRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:PutRolePolicy",
"iam:GetRolePolicy"
],
"Resource": "*"
}
]
}
-
CFTs create SQS for all regions in the receiver account. Once SQS creation is successful, provide all the QueueARN and QueueURL to Skyhigh Security Support to complete the setup.
-
Once the NRT setup is successful, you can view the Real-Time Configuration status on the Summary wizard as the Manual setup completed.
-
Skyhigh Security Support uses the QueueARN and QueueURL to complete the NRT setup.