AWS credentials tab

Configure AWS credentials on the AWS credentials tab. These credentials are used for the collection of VPC flow logs or the acquisition of AWS Cloud Asset data. You can authenticate to AWS using an access key or an IAM role.

To acquire Cloud Asset data, your AWS account must be configured with at least the minimal security policy recommended by ScoutSuite.

Note:

To obtain the Access key ID and Secret access key, log in to your AWS IAM dashboard and select the appropriate account. On the Summary page, select the Security credentials tab. Click Create access key to generate a new Access key ID and Secret access key. AWS encourages you to download these credentials in CSV format. The secret access key cannot be retrieved afterwards. However, you can always create another key pair.

An IAM role can only be used with a Sensor instance in AWS.

To configure this tab, you must first select a Sensor. Click the server Appliance button, then select the appropriate appliance from the Select appliances pop-up. Click Select appliance to dismiss the pop-up.

Click the plus button to create a new entry.

The credentials list includes the following fields:

Profile name

A unique name for the AWS account. This must be the same name you used on AWS.

You must create two profiles for an account that has both credential types. In this case, you should use the same name for each profile.

Credential type

Select the type of credentials for the account. Click the underlined text and select Access and Secret Key or IAM Role from the pull-down menu.

Access key ID

An access key ID generated by AWS for the account. This column is always N/A for the IAM Role.

Secret access key

The secret access key generated by AWS for the account. This column is always N/A for the IAM Role.

Discovery default

Click the toggle to select the current profile as the cloud asset discovery default. Only one profile from the credentials list can be set as default. If the credentials for the selected profile are incomplete, it cannot be selected.

You must explicitly select the cloud asset discovery default profile.

Actions

To delete an AWS credential, click the delete icon.

Click the Deploy changes button to save changes and retrigger a device configuration. Any changes that have not been deployed will be lost.