- Knowledge Base
- Cloud Scanning (CSPM)
- Amazon Web services (AWS)
-
Security Announcements
-
Product News
-
Next-Gen Vulnerability Management
-
Getting Started
-
General
-
Operating Status
-
System & Network Scanning
-
Web Application Scanning
-
Cloud Scanning (CSPM)
-
API Scanning
-
Phishing & Awareness Training
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset Management
-
Vulnerability Manager
-
Reports
-
Digest Reports
-
Organizer
-
Continuous Monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & Conditions
What permissions are required to scan my AWS environment?
Holm Security Cloud Scanner for Amazon Web Services (AWS)
Cloud Provider Configuration
Create a "Holm Security Cloud Scanner" user with the SecurityAudit policy.
- Log into your AWS account as an admin or with permission to create IAM resources.
- Navigate to the IAM console.
- Click on Users.
- Create a new user (Add user).
- Set the username to "Holm cloud scanner".
- Set the access type to "Programmatic access" and click Next.
- Select Attach existing policies directly and select the SecurityAudit policy.
- Click Create policy to create a supplemental policy (some permissions are not included in SecurityAudit).
- Click the JSON tab and paste the following permission set.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:DescribeActiveReceiptRuleSet",
"athena:GetWorkGroup",
"logs:DescribeLogGroups",
"logs:DescribeMetricFilters",
"elastictranscoder:ListPipelines",
"elasticfilesystem:DescribeFileSystems",
"servicequotas:ListServiceQuotas"
],
"Resource": "*"
}
]
} - Click Review policy.
- Provide a name (HolmCloudSupplemental) and click Create policy.
- Return to the Create user page and attach the newly-created policy. Click Next: tags.
- Set tags as needed and click Create user.
- Make sure you safely store the Access key ID and Secret access key.
- Paste them into the corresponding AWS credentials section of the Security Center cloud scan configuration.
- Done!