Versions Compared

Version Old Version 6 New Version 7
Changes made by

KS

KS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Configure IAM role in MDR SOC AWS account (Account B) to access customer resource (MDR Side Configuration)

...

  1. Sign in to the AWS Management Console with Account B

  2. Open the IAM console.

  3. From the navigation pane, choose Roles.

  4. Choose to Create role.

  5. For Select type of trusted entity, choose AWS service.

  6. For Choose the service that will use this role, choose EC2

    Image Added

  7. Choose Next: Permissions.

  8. Choose Next: Tags.

  9. You can add optional tags to the role. Or, you can leave the fields blank, and then choose Next: Review.

  10. For the Role name, enter a name for the role.

  11. Choose to Create role.

  12. From the list of roles, choose the role that you just created.

  13. Choose to Add inline policy, and then choose the JSON view.

14.  Enter the following policy. Replace arn:aws:iam::111111111111:role/ROLENAME with the Role ARN shared by Customer AWS Account (Account A)

Expand
titlePolicy

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": "sts:AssumeRole",

            "Resource": "arn:aws:iam::111111111111:role/ROLENAME"

        }

    ]

}

15. Choose Review policy.

16. For Name, enter a name for the policy.

17. Choose to Create policy.

18. Go back to AWS Management Console.

19. Open the EC2 Dashboard.

20. Go to Instances (running) if the LCP machine is running or else go to Instances, search for LCP instance, and start it.

21. Select an LCP instance, go to Actions→ Security→ Modify IAM role

...

22. Search for the IAM role that you have created earlier and click Save.

...

23. Go to the LCP UI and configure the appropriate collector using below sensor configuration

Property

Value

Description

Secret Access ID

<Role ARN>

Configure Role ARN shared by the customer

Secret Access Key

<External ID>

Configure External id shared between Customer and Accenture

S3 Bucket/Log Group(s)/SQS Queue URL

<Resource Name>

Provide S3 bucket name, Log Group Name(s), or SQS URL based on logging source

Region

<Region>

Enter region (Eg: us-west-2)

Logging Source

<Select logging Source >

Select logging Source from dropdown S3, CloudWatch or SQS

Bucket Prefix Path(s)

<PrefixPath>

Incase of Logging Source as S3

example: /AWSLogs/Account-ID/CloudTrail/region,

...