Connecting your AWS account via Terraform

To connect your AWS account to our platform, download the following Terraform code:

13_security_scan_role.tf

# Terraform resource labels must start with a letter or underscore, so the
# labels below use letter-initial names. The IAM role and policy names, the
# account ID and the policy ARNs are unchanged from the original.

provider "aws" {
  region = "us-west-2"
}

variable "external_id" {
  description = "External ID that 13 Security will use to assume the role 13SecurityScanRole from your 13 Security account."
  type        = string
}

resource "aws_iam_role" "security_scan_role" {
  name = "13SecurityScanRole"

  # Trust policy: only the 13 Security scanner principal may assume this role,
  # and only when it presents the external ID issued to you by the platform
  # (the sts:ExternalId condition is the confused-deputy protection).
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          AWS = "arn:aws:iam::975049992047:user/security-scanner"
        }
        Action = "sts:AssumeRole"
        Condition = {
          StringEquals = {
            "sts:ExternalId" = var.external_id
          }
          StringLike = {
            "aws:PrincipalArn" = "arn:aws:iam::975049992047:user/security-scanner"
          }
        }
      }
    ]
  })

  max_session_duration = 3600

  tags = {
    Service        = "https://13security.com"
    Support        = "[email protected]"
    CloudFormation = "true"
    Name           = "13SecurityScanRole"
    Version        = "1.0.1"
  }
}

resource "aws_iam_role_policy_attachment" "SecurityAuditPolicy" {
  role       = aws_iam_role.security_scan_role.name
  policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
}

resource "aws_iam_role_policy_attachment" "ViewOnlyAccessPolicy" {
  role       = aws_iam_role.security_scan_role.name
  policy_arn = "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
}

resource "aws_iam_policy" "additional_view_privileges" {
  name        = "13SecurityRoleAdditionalViewPrivileges"
  description = "Additional View Privileges for 13SecurityScanRole"

  # Actions not covered by the SecurityAudit and ViewOnlyAccess managed policies.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "account:Get*",
          "appstream:Describe*",
          "appstream:List*",
          "backup:List*",
          "cloudtrail:GetInsightSelectors",
          "codeartifact:List*",
          "codebuild:BatchGet*",
          "cognito-idp:GetUserPoolMfaConfig",
          "dlm:Get*",
          "drs:Describe*",
          "ds:Get*",
          "ds:Describe*",
          "ds:List*",
          "dynamodb:GetResourcePolicy",
          "ec2:GetEbsEncryptionByDefault",
          "ec2:GetSnapshotBlockPublicAccessState",
          "ec2:GetInstanceMetadataDefaults",
          "ecr:Describe*",
          "ecr:GetRegistryScanningConfiguration",
          "elasticfilesystem:DescribeBackupPolicy",
          "glue:GetConnections",
          "glue:GetSecurityConfiguration*",
          "glue:SearchTables",
          "lambda:GetFunction*",
          "logs:FilterLogEvents",
          "lightsail:GetRelationalDatabases",
          "macie2:GetMacieSession",
          "s3:GetAccountPublicAccessBlock",
          "shield:DescribeProtection",
          "shield:GetSubscriptionState",
          "securityhub:BatchImportFindings",
          "securityhub:GetFindings",
          "ssm:GetDocument",
          "ssm-incidents:List*",
          "support:Describe*",
          "tag:GetTagKeys",
          "wellarchitected:List*"
        ]
        Resource = "*"
      }
    ]
  })
}

# Attach the managed policy to the role. The original used an inline
# aws_iam_role_policy that copied the policy document, which left the managed
# policy itself created but unattached; attaching it by ARN grants the same
# permissions without the duplicate document.
resource "aws_iam_role_policy_attachment" "additional_view_privileges" {
  role       = aws_iam_role.security_scan_role.name
  policy_arn = aws_iam_policy.additional_view_privileges.arn
}

resource "aws_iam_policy" "api_gateway_view_privileges" {
  name        = "13SecurityRoleApiGatewayViewPrivileges"
  description = "API Gateway View Privileges for 13SecurityScanRole"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = "apigateway:GET"
        Resource = [
          "arn:aws:apigateway:::/restapis/*",
          "arn:aws:apigateway:::/apis/*"
        ]
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "api_gateway_view_privileges" {
  role       = aws_iam_role.security_scan_role.name
  policy_arn = aws_iam_policy.api_gateway_view_privileges.arn
}

You need to supply the external_id provided by our platform. It can be passed to Terraform in either of the following ways:

Option 1: Directly in the Command Line

terraform apply -var="external_id=your_external_id_value"

Option 2: In a terraform.tfvars File

external_id = "your_external_id_value"
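Once the role exists, it is worth confirming that the trust policy AWS actually stored matches what the configuration above intends: a single scanner principal, and an sts:ExternalId condition that equals the value the platform issued (the condition is what stops a third party who knows the role ARN from having the scanner assume it on their behalf). The following Python script is an added example, not part of the vendor's Terraform or tooling. It validates the JSON printed by `aws iam get-role --role-name 13SecurityScanRole`; the sample document embedded below is constructed to mirror the trust policy above, and `your_external_id_value` stands in for the real external ID.

```python
"""Validate the 13SecurityScanRole trust policy after `terraform apply`.

Added example (not the vendor's code). Feed it the output of
`aws iam get-role --role-name 13SecurityScanRole` and it reports anything
that weakens the cross-account trust: an unexpected or wildcard principal,
a missing or mismatched sts:ExternalId condition, or a longer session than
the configuration sets.
"""
import json
from typing import Any

# Values taken from the Terraform configuration on this page.
EXPECTED_PRINCIPAL = "arn:aws:iam::975049992047:user/security-scanner"
EXPECTED_MAX_SESSION = 3600
# Placeholder: the real value is issued by the platform and passed as var.external_id.
EXPECTED_EXTERNAL_ID = "your_external_id_value"


def _as_list(value: Any) -> list:
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(doc: dict,
                       expected_principal: str = EXPECTED_PRINCIPAL,
                       expected_external_id: str = EXPECTED_EXTERNAL_ID) -> list[str]:
    """Return a list of findings for an AssumeRolePolicyDocument; [] means OK."""
    findings: list[str] = []
    saw_assume_role = False
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        saw_assume_role = True

        principal = stmt.get("Principal")
        aws_principals = (_as_list(principal.get("AWS"))
                          if isinstance(principal, dict) else _as_list(principal))
        if "*" in aws_principals:
            findings.append(f"statement {idx}: sts:AssumeRole is open to any principal")
        for p in aws_principals:
            if p not in (expected_principal, "*"):
                findings.append(f"statement {idx}: unexpected principal {p}")

        condition = stmt.get("Condition") or {}
        external_ids = _as_list(condition.get("StringEquals", {}).get("sts:ExternalId"))
        if not external_ids:
            findings.append(f"statement {idx}: no sts:ExternalId condition "
                            "(confused-deputy protection missing)")
        elif expected_external_id not in external_ids:
            findings.append(f"statement {idx}: sts:ExternalId does not match the issued value")

    if not saw_assume_role:
        findings.append("no Allow statement for sts:AssumeRole; the scanner cannot assume the role")
    return findings


def check_get_role_output(text: str, **kwargs) -> list[str]:
    """Validate the full JSON that `aws iam get-role` prints."""
    role = json.loads(text)["Role"]
    doc = role["AssumeRolePolicyDocument"]
    if isinstance(doc, str):  # the CLI normally decodes this to an object; tolerate a string
        doc = json.loads(doc)
    findings = check_trust_policy(doc, **kwargs)
    if role.get("MaxSessionDuration", EXPECTED_MAX_SESSION) > EXPECTED_MAX_SESSION:
        findings.append(f"MaxSessionDuration exceeds {EXPECTED_MAX_SESSION} seconds")
    return findings


# Constructed sample: what `aws iam get-role` returns for a role created by the
# configuration above, with the placeholder external ID.
SAMPLE_GET_ROLE = json.dumps({
    "Role": {
        "RoleName": "13SecurityScanRole",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {"AWS": EXPECTED_PRINCIPAL},
                "Action": "sts:AssumeRole",
                "Condition": {
                    "StringEquals": {"sts:ExternalId": EXPECTED_EXTERNAL_ID},
                    "StringLike": {"aws:PrincipalArn": EXPECTED_PRINCIPAL},
                },
            }],
        },
    }
})

# Constructed sample of a weakened trust policy: the whole account as principal
# and no external ID condition. Both should be reported.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::975049992047:root"},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    print(check_get_role_output(SAMPLE_GET_ROLE) or "trust policy OK")
    for finding in check_trust_policy(WEAK_TRUST_POLICY):
        print("FINDING:", finding)
```

To run it against your account, pipe the CLI output into `check_get_role_output` (for example by reading `sys.stdin`) and set EXPECTED_EXTERNAL_ID to the value you passed to Terraform; an empty result means the stored trust policy matches the configuration.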

For additional assistance please reach out to our support team.
