Configure AWS IAM Role Connection

An AWS IAM Role connection securely stores reusable credential information for integrations with Amazon Web Services (AWS). To create the connection, Alert Logic requires the ARN for the AWS IAM role that grants access to perform specific actions in your AWS account. In the AWS console, you can create multiple IAM roles, which grant different permissions based on the policy document you use to create the role.

Alert Logic provides the following steps to help you create the connection. For further questions about the steps performed in the AWS console, or if your interface looks different, contact AWS support.

  1. Create an IAM policy in the AWS console
  2. Create an IAM role in the AWS console
  3. Create the AWS IAM Role connection in the Alert Logic console
  4. Use the connection in automated response

Create an IAM policy in the AWS console

Alert Logic provides separate IAM policy documents that grant Alert Logic permission to perform actions in AWS.

If you use the policy document that grants permission to manage AWS users, you can perform the simple response AWS IAM Role: Disable User.

If you grant permission to update AWS WAF IP sets, you can perform the simple response AWS WAF IP Set: Block External IP Address.

Complete one or both of the following procedures, depending on your goals for the connection to AWS.

Alert Logic provides separate policy documents in the following procedures, but you can combine them if you prefer. In that case, you can create one role in Create an IAM role in the AWS console that grants Alert Logic permission to both manage users and update IP addresses in AWS WAF IP sets.

Create an IAM policy to manage AWS users

The policy document you use in this procedure grants access for Alert Logic to perform these actions only:

  • Perform policy simulation to help produce better error messages if the policy is not implemented correctly
  • Manage IAM users, which includes disabling or enabling user accounts but not adding or deleting them

To create an IAM policy to manage AWS users:

  1. In your AWS account where you want Alert Logic to run automated responses, go to https://console.aws.amazon.com/iamv2/home?#/policies/.
  2. From the IAM Management Console, click Create Policy.
  3. Click the JSON tab.
  4. Copy the contents of the policy document iam-policy-user.txt and replace the text in the policy editor.
  5. Click Next: Tags.
  6. Click Next: Review.
  7. On the Review Policy page, type a Policy Name and optional Description for the policy, and then click Create policy.

Create an IAM policy to update AWS WAF IP sets

The policy document you use in this procedure grants access for Alert Logic to perform these actions only:

  • Perform policy simulation to help produce better error messages if the policy is not implemented correctly
  • Add IP addresses to or remove them from an AWS WAF IP set

Before you begin, ensure your setup in AWS meets the following prerequisites for this integration:

  • AWS WAF (v2) Web ACL configured, either regional or CloudFront
  • AWS WAF IPv4 IP set created (IPv6 IP set is also supported if you want to use the connection for the playbook task Update AWS WAF IP Set.)
  • AWS WAF rule associating the IP set with the Web ACL

To create an IAM policy to update AWS WAF IP sets:

  1. In your AWS account where you want Alert Logic to run automated responses, go to https://console.aws.amazon.com/iamv2/home?#/policies/.
  2. From the IAM Management Console, click Create Policy.
  3. Click the JSON tab.
  4. Copy the contents of the policy document iam-policy-WAF.txt and replace the text in the policy editor.
  5. Click Next: Tags.
  6. Click Next: Review.
  7. On the Review Policy page, type a Policy Name and optional Description for the policy, and then click Create policy.

Create an IAM role in the AWS console

The next step in the AWS console is to create a role that uses one of the IAM policies you created.

If you created both policies, you can use the same role for both policies.

To create an IAM role in the AWS console:

  1. In your AWS account where you want Alert Logic to run automated responses, go to https://console.aws.amazon.com/iamv2/home#/roles/.
  2. Click Create role.
  3. On the Create role page, click Another AWS Account.
  4. Enter the Account ID: 246648824489.
  5. Click Next: Permissions.
  6. From the list of policies, locate the previously created policy. You can use the Filter Policies option and select Customer managed to help locate the policy.
  7. Select the check box next to the matching policy.
  8. Click Next: Tags.
  9. Click Next: Review.
  10. Type a Role Name and optional Role description, and then click Create Role.
  11. Click the role name in the green bar at the top of the screen (“The role … has been created.”).
  12. Copy the Role ARN to a text editor for later.

In step 4, the Account ID is different from the main Alert Logic account ID, which you may have used in other AWS role integrations.
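Before you paste a policy document, and again once the role exists, it is worth confirming two things: that the role's trust policy admits only the Alert Logic account from step 4, and that the permissions policy really is scoped the way Create an IAM policy in the AWS console describes (no wildcard actions, no creating or deleting users). The following Python script is an added example, not Alert Logic's code. TRUST_POLICY is the trust policy the IAM console generates when you choose Another AWS Account and enter the account ID above. EXAMPLE_PERMISSIONS_POLICY is a constructed stand-in whose action names (iam:SimulatePrincipalPolicy, iam:UpdateAccessKey, wafv2:UpdateIPSet, and so on) are assumptions made for illustration, not the contents of iam-policy-user.txt or iam-policy-WAF.txt; run the script against those downloaded files to check the real documents.

```python
"""Offline sanity checks for the IAM documents behind an Alert Logic AWS IAM Role connection.

Added example, not Alert Logic's code. TRUST_POLICY is what the IAM console generates for
"Another AWS Account" with the account ID from this page. EXAMPLE_PERMISSIONS_POLICY is a
constructed stand-in: its action names are assumptions, not the contents of
iam-policy-user.txt or iam-policy-WAF.txt.
"""
import json
from typing import Any, Dict, List

Policy = Dict[str, Any]

# Account ID the role must trust (step 4 of "Create an IAM role in the AWS console").
ALERT_LOGIC_AUTOMATED_RESPONSE_ACCOUNT = "246648824489"

# Trust policy the console produces for "Another AWS Account" with that ID.
TRUST_POLICY: Policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ALERT_LOGIC_AUTOMATED_RESPONSE_ACCOUNT}:root"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Constructed permissions policy (assumed action names, for illustration only).
EXAMPLE_PERMISSIONS_POLICY: Policy = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:SimulatePrincipalPolicy"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:ListAccessKeys", "iam:UpdateAccessKey"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["wafv2:GetIPSet", "wafv2:UpdateIPSet"], "Resource": "*"},
    ],
}

# The page states the user policy must not allow adding or deleting users.
FORBIDDEN_ACTIONS = {"iam:createuser", "iam:deleteuser"}


def _as_list(value: Any) -> List[Any]:
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def load_policy(path: str) -> Policy:
    """Load a downloaded policy document (JSON stored in a .txt file)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def trust_policy_problems(policy: Policy, expected_account: str) -> List[str]:
    """Return findings; an empty list means only expected_account can assume the role."""
    allowed_principals = {expected_account, f"arn:aws:iam::{expected_account}:root"}
    problems: List[str] = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))):
            problems.append("trust policy allows any AWS principal to assume the role")
        elif isinstance(principal, dict):
            for key in principal:
                if key != "AWS":  # Service/Federated principals do not belong on this role
                    problems.append(f"unexpected principal type {key}")
            for arn in _as_list(principal.get("AWS")):
                if arn not in allowed_principals:
                    problems.append(f"unexpected principal {arn}")
        else:
            problems.append(f"unrecognised principal {principal!r}")
        for action in _as_list(stmt.get("Action")):
            if action.lower() != "sts:assumerole":
                problems.append(f"unexpected trust action {action}")
    return problems


def permissions_policy_problems(policy: Policy) -> List[str]:
    """Return findings for a permissions policy: wildcards, Not* grants, user create/delete."""
    problems: List[str] = []
    for stmt in _as_list(policy.get("Statement")):
        for key in ("NotAction", "NotResource", "NotPrincipal"):
            if key in stmt:
                problems.append(f"{key} grant is broader than it looks")
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            lowered = action.lower()
            if "*" in action:
                problems.append(f"wildcard action {action}")
            elif lowered in FORBIDDEN_ACTIONS:
                problems.append(f"forbidden action {action}")
            elif not lowered.startswith(("iam:", "wafv2:")):
                problems.append(f"action outside IAM/WAFv2: {action}")
    return problems


if __name__ == "__main__":
    import sys

    # Usage: python check_policies.py iam-policy-user.txt iam-policy-WAF.txt
    print("trust policy:", trust_policy_problems(TRUST_POLICY, ALERT_LOGIC_AUTOMATED_RESPONSE_ACCOUNT) or "ok")
    for path in sys.argv[1:]:
        print(path + ":", permissions_policy_problems(load_policy(path)) or "ok")
```

After step 12, compare TRUST_POLICY with the live document returned by "aws iam get-role --role-name <role name> --query Role.AssumeRolePolicyDocument"; any principal other than the account in step 4 means the wrong account ID was typed and the role should be fixed before it is used in a connection.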

Create the AWS IAM Role connection in the Alert Logic console

After you finish the configuration in AWS, the next step is to create the connection in the Alert Logic console.

To create an AWS IAM Role connection:

  1. In the Alert Logic console, click the navigation menu icon, click Configure, and then click Connections.
  2. On the Connections page, click the add icon, and then click AWS IAM Role.
  3. On the Create an AWS IAM Role Connection page, type a descriptive name for the connection, for example, "AWS IAM Role Connection for Managing Users".
  4. In AWS IAM Role ARN, paste the Role ARN that you noted in Create an IAM role in the AWS console.
  5. Click SAVE.

Use the connection in automated response

After you save the connection, you can use it in an automated response. For examples of automated actions that can use this connection, see Create an IAM policy in the AWS console. For more information about automated response, see Get Started with Automated Response.

Manage connections

You can view the list of connections and edit or delete an existing one. For more information, see Manage Connections.