- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- CNAPP
- :
- Re: AWS - Automated remediation via Dome9 CloudBot...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AWS - Automated remediation via Dome9 CloudBots
What do you do if you have hundreds of security groups and many team members that manage those security groups ?
How do you make sure that your environment is continuously secured ?!
In this video, you will learn about the best practices for managing and auto-remediate violated AWS security groups.
You will learn about the following topics:
- Managing AWS security groups
- Cloud Security Posture Repository
- Dome9 GSL Language
- Periodic Compliance
- CloudBots
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Shay,
Can you make a video explaining how to complete the multi mode deployment for cloudbots? i was able to complete step 1 and 2 but I don't know where am i supposed to run the script from and what is the <aws profile>?
See instructions below.
Deploy for Multi mode
For multi-mode, you will setup one account as above for the single mode, and then set up cross account roles in each additional account.
On the AWS CFT console, for your account, perform these steps:
- Set the ACCOUNT_MODE environment variable to multi.
- Edit the trust_policy.json file (in the cross_account_role_configs folder),to add the account id of the additional account. Then, run the following commands:
cd cross_account_role_configs ./create_role.sh <aws profile>
This script will create the IAM role and policy and the cross-account role for the additional account.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Basilio,
To run this command you need an AWS profile specific to the account on which you want to create the role
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
docs.aws.amazon.com
Named Profiles - AWS Command Line Interface
A named profile is a collection of settings and credentials that you can apply to an AWS CLI command. When you specify a profile to run a command, the settings and credentials are used to run that command. You can specify one profile that is the "default", and is used when no profile is explicitly referenced. Other profiles have names that you can specify as a parameter on the command line for individual commands. Alternatively, you can specify a profile in an environment variable
for example -aws ec2 describe-instances --profile user1
and that would refer to that file and the entry "user1" in it
You need to use whatever way possible to create an IAMrole and attach a Policy to it.......
That script is 1 way to do it on an account by account basis., the profile just helps your script understand which account it is (a profile is created on the client-side on whichever machine you want to run this script on)
In this case, the simple way is just login to the 2nd cloud account, go to IAM, create a role and attach the policy in it (names and policy contents ) are in that folder
The script is just to automate this action and then it needs to be repeated for each your cloud accounts
That way the cludbots can assume the role to all the other accounts where they aren't installed and perform all actions allowed by that Policy
Shay