Connecting your AWS account via Terraform

To connect your AWS account with our platform please download the following Terraform code:

13_security_scan_role.tf

provider “aws” {
region = “us-west-2”
}

variable “external_id” {
description = “External ID that 13 Security will use to assume the role 13SecurityScanRole from your 13 Security account.”
type = string
}

resource “aws_iam_role” “13SecurityScanRole” {
name = “13SecurityScanRole”

assume_role_policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Principal = {
AWS = “arn:aws:iam::975049992047:user/security-scanner”
}
Action = “sts:AssumeRole”
Condition = {
StringEquals = {
“sts:ExternalId” = var.external_id
}
StringLike = {
“aws:PrincipalArn” = “arn:aws:iam::975049992047:user/security-scanner”
}
}
}
]
})

max_session_duration = 3600

tags = {
Service = “https://13security.com”
Support = “[email protected]
CloudFormation = “true”
Name = “13SecurityScanRole”
Version = “1.0.1”
}
}

resource “aws_iam_role_policy_attachment” “SecurityAuditPolicy” {
role = aws_iam_role.13SecurityScanRole.name
policy_arn = “arn:aws:iam::aws:policy/SecurityAudit”
}

resource “aws_iam_role_policy_attachment” “ViewOnlyAccessPolicy” {
role = aws_iam_role.13SecurityScanRole.name
policy_arn = “arn:aws:iam::aws:policy/job-function/ViewOnlyAccess”
}

resource “aws_iam_policy” “13SecurityRoleAdditionalViewPrivileges” {
name = “13SecurityRoleAdditionalViewPrivileges”
description = “Additional View Privileges for 13SecurityScanRole”

policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Action = [
“account:Get“, “appstream:Describe“,
“appstream:List“, “backup:List“,
“cloudtrail:GetInsightSelectors”,
“codeartifact:List“, “codebuild:BatchGet“,
“cognito-idp:GetUserPoolMfaConfig”,
“dlm:Get“, “drs:Describe“,
“ds:Get“, “ds:Describe“,
“ds:List“, “dynamodb:GetResourcePolicy”, “ec2:GetEbsEncryptionByDefault”, “ec2:GetSnapshotBlockPublicAccessState”, “ec2:GetInstanceMetadataDefaults”, “ecr:Describe“,
“ecr:GetRegistryScanningConfiguration”,
“elasticfilesystem:DescribeBackupPolicy”,
“glue:GetConnections”,
“glue:GetSecurityConfiguration“, “glue:SearchTables”, “lambda:GetFunction“,
“logs:FilterLogEvents”,
“lightsail:GetRelationalDatabases”,
“macie2:GetMacieSession”,
“s3:GetAccountPublicAccessBlock”,
“shield:DescribeProtection”,
“shield:GetSubscriptionState”,
“securityhub:BatchImportFindings”,
“securityhub:GetFindings”,
“ssm:GetDocument”,
“ssm-incidents:List“, “support:Describe“,
“tag:GetTagKeys”,
“wellarchitected:List” ] Resource = “
}
]
})
}

resource “aws_iam_role_policy” “13SecurityRoleAdditionalViewPrivilegesAttachment” {
role = aws_iam_role.13SecurityScanRole.name
policy = aws_iam_policy.13SecurityRoleAdditionalViewPrivileges.policy
}

resource “aws_iam_policy” “13SecurityRoleApiGatewayViewPrivileges” {
name = “13SecurityRoleApiGatewayViewPrivileges”
description = “API Gateway View Privileges for 13SecurityScanRole”

policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Action = “apigateway:GET”
Resource = [
“arn:aws:apigateway:::/restapis/“,
“arn:aws:apigateway:::/apis/
]
}
]
})
}

resource “aws_iam_role_policy” “13SecurityRoleApiGatewayViewPrivilegesAttachment” {
role = aws_iam_role.13SecurityScanRole.name
policy = aws_iam_policy.13SecurityRoleApiGatewayViewPrivileges.policy
}

You need to utilize the provided by our platform external_id, which you can pass to Terraform utilizing different methods:

Option 1: Directly in the Command Line

terraform apply -var=”external_id=your_external_id_value”

Option 2: In a terraform.tfvars File

external_id = “your_external_id_value”

For additional assistance please reach out to our support team.

13 Security Blog

Get email alerts when we publish new blog articles!

more blog posts:

Prodigy 13 - Zero Trust Cybersecurity
Cybersecurity

Threat Hunting Myths

Threat hunting is the human-driven, proactive and iterative search through networks, endpoints, or datasets in order to detect malicious, suspicious, or risky activities that have evaded detection by existing automated tools.

Read More
Cloud Security

AWS HIPAA

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

Read More