Connecting your AWS account via Terraform

To connect your AWS account with our platform please download the following Terraform code:

13_security_scan_role.tf

provider “aws” {
region = “us-west-2”
}

variable “external_id” {
description = “External ID that 13 Security will use to assume the role 13SecurityScanRole from your 13 Security account.”
type = string
}

resource “aws_iam_role” “13SecurityScanRole” {
name = “13SecurityScanRole”

assume_role_policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Principal = {
AWS = “arn:aws:iam::975049992047:user/security-scanner”
}
Action = “sts:AssumeRole”
Condition = {
StringEquals = {
“sts:ExternalId” = var.external_id
}
StringLike = {
“aws:PrincipalArn” = “arn:aws:iam::975049992047:user/security-scanner”
}
}
}
]
})

max_session_duration = 3600

tags = {
Service = “https://13security.com”
Support = “[email protected]
CloudFormation = “true”
Name = “13SecurityScanRole”
Version = “1.0.1”
}
}

resource “aws_iam_role_policy_attachment” “SecurityAuditPolicy” {
role = aws_iam_role.13SecurityScanRole.name
policy_arn = “arn:aws:iam::aws:policy/SecurityAudit”
}

resource “aws_iam_role_policy_attachment” “ViewOnlyAccessPolicy” {
role = aws_iam_role.13SecurityScanRole.name
policy_arn = “arn:aws:iam::aws:policy/job-function/ViewOnlyAccess”
}

resource “aws_iam_policy” “13SecurityRoleAdditionalViewPrivileges” {
name = “13SecurityRoleAdditionalViewPrivileges”
description = “Additional View Privileges for 13SecurityScanRole”

policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Action = [
“account:Get“, “appstream:Describe“,
“appstream:List“, “backup:List“,
“cloudtrail:GetInsightSelectors”,
“codeartifact:List“, “codebuild:BatchGet“,
“cognito-idp:GetUserPoolMfaConfig”,
“dlm:Get“, “drs:Describe“,
“ds:Get“, “ds:Describe“,
“ds:List“, “dynamodb:GetResourcePolicy”, “ec2:GetEbsEncryptionByDefault”, “ec2:GetSnapshotBlockPublicAccessState”, “ec2:GetInstanceMetadataDefaults”, “ecr:Describe“,
“ecr:GetRegistryScanningConfiguration”,
“elasticfilesystem:DescribeBackupPolicy”,
“glue:GetConnections”,
“glue:GetSecurityConfiguration“, “glue:SearchTables”, “lambda:GetFunction“,
“logs:FilterLogEvents”,
“lightsail:GetRelationalDatabases”,
“macie2:GetMacieSession”,
“s3:GetAccountPublicAccessBlock”,
“shield:DescribeProtection”,
“shield:GetSubscriptionState”,
“securityhub:BatchImportFindings”,
“securityhub:GetFindings”,
“ssm:GetDocument”,
“ssm-incidents:List“, “support:Describe“,
“tag:GetTagKeys”,
“wellarchitected:List” ] Resource = “
}
]
})
}

resource “aws_iam_role_policy” “13SecurityRoleAdditionalViewPrivilegesAttachment” {
role = aws_iam_role.13SecurityScanRole.name
policy = aws_iam_policy.13SecurityRoleAdditionalViewPrivileges.policy
}

resource “aws_iam_policy” “13SecurityRoleApiGatewayViewPrivileges” {
name = “13SecurityRoleApiGatewayViewPrivileges”
description = “API Gateway View Privileges for 13SecurityScanRole”

policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Action = “apigateway:GET”
Resource = [
“arn:aws:apigateway:::/restapis/“,
“arn:aws:apigateway:::/apis/
]
}
]
})
}

resource “aws_iam_role_policy” “13SecurityRoleApiGatewayViewPrivilegesAttachment” {
role = aws_iam_role.13SecurityScanRole.name
policy = aws_iam_policy.13SecurityRoleApiGatewayViewPrivileges.policy
}

You need to utilize the provided by our platform external_id, which you can pass to Terraform utilizing different methods:

Option 1: Directly in the Command Line

terraform apply -var=”external_id=your_external_id_value”

Option 2: In a terraform.tfvars File

external_id = “your_external_id_value”

For additional assistance please reach out to our support team.

13 Security Blog

Get email alerts when we publish new blog articles!

more blog posts:

shallow focus photography of computer codes
Pen Testing & VM

A Deep Dive into Black Box Penetration Testing

Black box penetration testing is a method where testers evaluate the security of a network or system without any prior knowledge of its internal workings. This method closely simulates a real-world attack, as attackers usually do not have insider information.

Read More
Compliance

HIPAA Security Rule summary

The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI)

Read More