  • Pre-requisites

  • Scope

      • Use case 1: Log collection within the same AWS account (where the LCP and the logging resource are in the same AWS account)

      • Use case 2: Log collection across AWS accounts (where the LCP is hosted in the MDR SOC AWS account and the logging resource is in the customer AWS account)

...

This quick start guide helps Accenture MDR customers configure Amazon Web Services (AWS) role-based access control so that the Log Collection Platform (LCP) can collect logs.

The document includes the following topics:

Table of Contents


Pre-requisites

  1. AWS users should have permission to create and modify IAM roles.

  2. AWS users should have permission to assign a role to the EC2 instance (LCP).

Scope

  1. Log collection within the same AWS account (where the LCP and the logging resource(s) are in the same AWS account; mainly used for MDR self-monitoring)

  2. Log collection across AWS accounts (where the LCP is hosted in the MDR SOC AWS account and the logging resource is in the customer AWS account)

...

Note: The supported logging resources are S3 buckets, SQS queues, and CloudWatch Logs log groups.

Use case 1: Log collection within the same AWS account (where the LCP and the logging resource are in the same AWS account)

  1. Sign in to the AWS Management Console.

  2. Open the AWS Identity and Access Management (IAM) console.

  3. In the navigation pane, choose Roles.

  4. Choose Create role.

  5. For Select type of trusted entity, choose AWS service, and then choose EC2 under Choose a use case.

  6. Choose Next: Permissions at the bottom of the page.

  7. Choose Create policy.

  8. Choose the JSON tab.

  9. Type or paste the JSON policy below, making sure to replace the resource name with your own.

...

| Property | Value | Description |
|---|---|---|
| Secret Access Key | na | Configure it as "na" |
| Secret Access ID | na | Configure it as "na" |
| S3 Bucket/Log Group(s)/SQS Queue URL | <Resource Name> | Provide the S3 bucket name, log group name(s), or SQS queue URL, depending on the logging source |
| Region | <Region> | Enter the region (e.g. us-west-2) |
| Logging Source | <Select logging Source> | Select the logging source from the dropdown: S3, CloudWatch, or SQS |
| Bucket Prefix Path(s) | <PrefixPath> | Only when the logging source is S3; example: /AWSLogs/Account-ID/CloudTrail/region |

Use case 2: Log collection across AWS accounts (where the LCP is hosted in the MDR SOC AWS account and the logging resource is in the customer AWS account)

Follow these steps:

  • Configure an IAM role in the customer AWS account (Account A) with the appropriate permissions on the logging resource (customer-side configuration)

  • Configure an IAM role in the MDR SOC AWS account (Account B) that can access the customer resource (MDR-side configuration)

...

Below are the resource policies that will be attached to "ACNMSSCrossAccountRole", depending on the logging resources selected in the template.

Configure an IAM role in the MDR SOC AWS account (Account B) to access the customer resource (MDR-side configuration)

  1. Sign in to the AWS Management Console with Account B

  2. Open the IAM console.

  3. From the navigation pane, choose Roles.

  4. Choose Create role.

  5. For Select type of trusted entity, choose AWS service.

  6. For Choose the service that will use this role, choose EC2.

  7. Choose Next: Permissions.

  8. Choose Next: Tags.

  9. Optionally add tags to the role, or leave the fields blank, and then choose Next: Review.

  10. For the Role name, enter a name for the role.

  11. Choose Create role.

  12. From the list of roles, choose the role that you just created.

  13. Choose Add inline policy, and then choose the JSON view.

...
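The policy documents themselves are not reproduced on this page. As an added example (not the guide's own policies or template), the following Python builds the three pieces that make up the use case 2 chain: the trust policy on the customer-side role, the sts:AssumeRole inline policy that step 13 adds to the MDR-side instance role, and a per-source read-only permission policy for ACNMSSCrossAccountRole, with a check that none of them carries a wildcard. The account IDs, the instance role name LcpInstanceRole and the region are constructed values; the role-to-role trust relationship is an assumption about how the template wires the two accounts together.

```python
from urllib.parse import urlparse

# Constructed identifiers for illustration only; replace them with the real values.
ACCOUNT_A = "111111111111"              # customer account, owns the logging resource
ACCOUNT_B = "222222222222"              # MDR SOC account, hosts the LCP EC2 instance
CROSS_ROLE = "ACNMSSCrossAccountRole"   # role name used in the guide
LCP_ROLE = "LcpInstanceRole"            # assumed name of the EC2 instance role in Account B
REGION = "us-west-2"                    # region of the CloudWatch log group
CROSS_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_A}:role/{CROSS_ROLE}"
LCP_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_B}:role/{LCP_ROLE}"

def trust_policy():
    """Trust policy on the Account A role: only the LCP instance role may assume it."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Principal": {"AWS": LCP_ROLE_ARN}, "Action": "sts:AssumeRole"}]}

def assume_policy():
    """Inline policy on the Account B instance role: it may assume only the customer role."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Action": "sts:AssumeRole", "Resource": CROSS_ROLE_ARN}]}

def resource_policy(source, resource, prefix=""):
    """Read-only permission policy for the Account A role, scoped to one logging resource."""
    if source == "S3":  # list the bucket, but read objects only under the configured prefix
        bucket = f"arn:aws:s3:::{resource}"
        objects = f"{bucket}/{prefix.strip('/')}/*" if prefix else f"{bucket}/*"
        stmts = [{"Effect": "Allow", "Action": "s3:ListBucket", "Resource": bucket},
                 {"Effect": "Allow", "Action": "s3:GetObject", "Resource": objects}]
    elif source == "SQS":  # queue URL is https://sqs.<region>.amazonaws.com/<account>/<name>
        parsed = urlparse(resource)
        account, name = parsed.path.strip("/").split("/")
        stmts = [{"Effect": "Allow", "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage",
                  "sqs:GetQueueAttributes"],
                  "Resource": f"arn:aws:sqs:{parsed.netloc.split('.')[1]}:{account}:{name}"}]
    elif source == "CloudWatch":  # resource is the log group name
        stmts = [{"Effect": "Allow", "Action": ["logs:DescribeLogStreams", "logs:GetLogEvents",
                  "logs:FilterLogEvents"],
                  "Resource": f"arn:aws:logs:{REGION}:{ACCOUNT_A}:log-group:{resource}:*"}]
    else:
        raise ValueError(f"unsupported logging source: {source}")
    return {"Version": "2012-10-17", "Statement": stmts}

def aslist(v):  # IAM accepts either a string or a list in Action and Resource
    return v if isinstance(v, list) else [v]

def no_wildcards(policy):
    """Least-privilege check: reject a '*' resource or a '*' / 'service:*' action."""
    return not any("*" in aslist(s.get("Resource", [])) or
                   any(a == "*" or a.endswith(":*") for a in aslist(s["Action"]))
                   for s in policy["Statement"])
```

Run no_wildcards over every generated document before pasting it into the console; a trust policy legitimately has no Resource element, so the check only inspects the elements that are present.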