Connecting your AWS account via Terraform

To connect your AWS account with our platform please download the following Terraform code:

13_security_scan_role.tf

provider “aws” {
region = “us-west-2”
}

variable “external_id” {
description = “External ID that 13 Security will use to assume the role 13SecurityScanRole from your 13 Security account.”
type = string
}

resource “aws_iam_role” “13SecurityScanRole” {
name = “13SecurityScanRole”

assume_role_policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Principal = {
AWS = “arn:aws:iam::975049992047:user/security-scanner”
}
Action = “sts:AssumeRole”
Condition = {
StringEquals = {
“sts:ExternalId” = var.external_id
}
StringLike = {
“aws:PrincipalArn” = “arn:aws:iam::975049992047:user/security-scanner”
}
}
}
]
})

max_session_duration = 3600

tags = {
Service = “https://13security.com”
Support = “[email protected]
CloudFormation = “true”
Name = “13SecurityScanRole”
Version = “1.0.1”
}
}

resource “aws_iam_role_policy_attachment” “SecurityAuditPolicy” {
role = aws_iam_role.13SecurityScanRole.name
policy_arn = “arn:aws:iam::aws:policy/SecurityAudit”
}

resource “aws_iam_role_policy_attachment” “ViewOnlyAccessPolicy” {
role = aws_iam_role.13SecurityScanRole.name
policy_arn = “arn:aws:iam::aws:policy/job-function/ViewOnlyAccess”
}

resource “aws_iam_policy” “13SecurityRoleAdditionalViewPrivileges” {
name = “13SecurityRoleAdditionalViewPrivileges”
description = “Additional View Privileges for 13SecurityScanRole”

policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Action = [
“account:Get“, “appstream:Describe“,
“appstream:List“, “backup:List“,
“cloudtrail:GetInsightSelectors”,
“codeartifact:List“, “codebuild:BatchGet“,
“cognito-idp:GetUserPoolMfaConfig”,
“dlm:Get“, “drs:Describe“,
“ds:Get“, “ds:Describe“,
“ds:List“, “dynamodb:GetResourcePolicy”, “ec2:GetEbsEncryptionByDefault”, “ec2:GetSnapshotBlockPublicAccessState”, “ec2:GetInstanceMetadataDefaults”, “ecr:Describe“,
“ecr:GetRegistryScanningConfiguration”,
“elasticfilesystem:DescribeBackupPolicy”,
“glue:GetConnections”,
“glue:GetSecurityConfiguration“, “glue:SearchTables”, “lambda:GetFunction“,
“logs:FilterLogEvents”,
“lightsail:GetRelationalDatabases”,
“macie2:GetMacieSession”,
“s3:GetAccountPublicAccessBlock”,
“shield:DescribeProtection”,
“shield:GetSubscriptionState”,
“securityhub:BatchImportFindings”,
“securityhub:GetFindings”,
“ssm:GetDocument”,
“ssm-incidents:List“, “support:Describe“,
“tag:GetTagKeys”,
“wellarchitected:List” ] Resource = “
}
]
})
}

resource “aws_iam_role_policy” “13SecurityRoleAdditionalViewPrivilegesAttachment” {
role = aws_iam_role.13SecurityScanRole.name
policy = aws_iam_policy.13SecurityRoleAdditionalViewPrivileges.policy
}

resource “aws_iam_policy” “13SecurityRoleApiGatewayViewPrivileges” {
name = “13SecurityRoleApiGatewayViewPrivileges”
description = “API Gateway View Privileges for 13SecurityScanRole”

policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Action = “apigateway:GET”
Resource = [
“arn:aws:apigateway:::/restapis/“,
“arn:aws:apigateway:::/apis/
]
}
]
})
}

resource “aws_iam_role_policy” “13SecurityRoleApiGatewayViewPrivilegesAttachment” {
role = aws_iam_role.13SecurityScanRole.name
policy = aws_iam_policy.13SecurityRoleApiGatewayViewPrivileges.policy
}

You need to utilize the provided by our platform external_id, which you can pass to Terraform utilizing different methods:

Option 1: Directly in the Command Line

terraform apply -var=”external_id=your_external_id_value”

Option 2: In a terraform.tfvars File

external_id = “your_external_id_value”

For additional assistance please reach out to our support team.

13 Security Blog

Get email alerts when we publish new blog articles!

more blog posts:

Compliance

SOC 1 vs SOC 2 vs SOC 3

SOC (Service Organization Control) audit reports are used to assess the security and control of a service provider’s system and the services they provide to

Read More
Compliance

ISO 27001 Overview

ISO 27001 is an international Standard for the implementation of an enterprise-wide Information Security Management System (ISMS), an organized approach to maintaining confidentiality, integrity and availability (CIA) in an organization.

Read More
Pen Testing & VM

Web and API Penetration Testing

Modern web applications continue to be a challenge for organizations to secure as developers build increasingly complex business applications faster than ever. Many organizations are

Read More