About cross-account access
Cross-account access enables IAM users using one AWS account to access the AWS resources of another AWS account.
If you have several AWS accounts in your organization, it is recommended to use cross-account access instead of configuring a separate AWS connector for each account within Vulcan.
Prerequisites and User Permissions
The following are the role permissions required for each AWS service. Make sure the required role permissions exist for every service you want to use.
Configure AWS Cross-Account
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the AWS icon.
Start by selecting the AWS Services you want to pull data from.
- At least one asset type must be selected (EC2 / ECR).
- ECR assets can be aggregated by repository or by image. Once saved, this setting cannot be changed; switching requires a new integration.
- For EC2 findings, select either Inspector or Inspector via Security Hub (not both) to avoid duplicate findings.
- At least one region must be selected
- ARN file must include at least one ARN
Once you are done with the selection, click “Download Policy”.
The downloaded file will be used at a later stage.
Generate an ARN file by following the instructions on the AWS connector setup page under AWS Configuration. Note that this step needs to re-occur in each AWS account you want to enable access to.
Note: The "External ID" can be customized. To determine your own External ID, contact Vulcan Support or your Customer Success Manager at Vulcan.
Upload the ARN file (a CSV file containing the account information).
Select regions. The connector will attempt to pull data from every account for each selected region.
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Configure the "Immediately remove this connector's assets when their status is:" option.
Once done, click Create.
Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.
To confirm the sync is complete, navigate to the Connectors page. Once the AWS icon shows Connected, the sync is complete.
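Each ARN in the uploaded file names a role in one of your accounts that the connector's account assumes, and the External ID from the note above is the standard AWS safeguard against a third party using the same role name to get at your data. The check below is an added example, not part of Vulcan's documentation or tooling; it assumes the standard cross-account role pattern, and the account ID, External ID and sample trust policies are constructed placeholders.

```python
import json

# Placeholder values constructed for this example (not real identifiers):
# the connector's AWS account ID and the External ID agreed with the vendor.
CONNECTOR_ACCOUNT = "111111111111"
EXTERNAL_ID = "example-external-id"

def check_trust_policy(policy_doc, trusted_account, external_id):
    """Return problems found in a role trust policy (empty list = passes).
    Each Allow statement granting sts:AssumeRole must name only the trusted
    account as principal and require the External ID via StringEquals."""
    problems = []
    statements = json.loads(policy_doc).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for idx, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = principal if principal == "*" else principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        for p in aws:
            # Accept bare account IDs or ARNs such as arn:aws:iam::<acct>:root
            acct = p.split(":")[4] if p.startswith("arn:") else p
            if acct != trusted_account:
                problems.append(f"statement {idx}: unexpected principal {p}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            problems.append(f"statement {idx}: no sts:ExternalId condition")
        elif ext != external_id:
            problems.append(f"statement {idx}: sts:ExternalId mismatch")
    return problems

# Constructed sample: a trust policy of the recommended shape.
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{CONNECTOR_ACCOUNT}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]})

# Constructed sample: same role, but the External ID condition was left out.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{CONNECTOR_ACCOUNT}:root"}}]})

if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("weak", WEAK_POLICY)):
        print(name, check_trust_policy(doc, CONNECTOR_ACCOUNT, EXTERNAL_ID) or "OK")
```

Run it against the trust policy of each role you created (for example the output of `aws iam get-role`) after generating the ARNs, so that a missing or mistyped External ID is caught before the ARN file is uploaded.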
Visibility on the Vulcan Platform
- Assets > Hosts
- EC2 security groups
- Assets > Hosts > Host details
- Assets > Code Project
Retrieving AWS ECR vulnerabilities
To enable the retrieval of AWS ECR vulnerabilities, set up the following configuration in the AWS connector:
Make sure AWS ECR, AWS Inspector, and AWS Security Hub are selected.
Follow the AWS Connector configuration instructions as described here.
For the Security Hub Products setting, make sure Inspector is selected.
Note: The configuration of AWS ECR vulnerabilities can be done in addition to any other AWS connector configuration.