
AWS Integration Setup Guide

Complete guide for integrating AWS with CyberOptix using cross-account IAM roles.


Overview

CyberOptix uses a cross-account IAM role with read-only permissions to discover and monitor AWS resources across your organization. This guide walks through creating the necessary IAM policies, service account, and role configuration.


Prerequisites

  • Access to AWS Management Console
  • IAM permissions to create users, roles, and policies
  • AWS Organizations access (if integrating multiple accounts)

Part 1: Create IAM Policies

Step 1: Navigate to IAM

  1. Open AWS Console → Security, Identity, & Compliance → IAM
[Screenshot: AWS IAM]

Step 2: Create Read-Only Policy

  1. Click Policies → Create policy
  2. Select JSON tab
  3. Paste the following policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "organizations:ListAccounts",
                "ec2:Describe*",
                "cloudwatch:List*",
                "cloudwatch:Get*",
                "ssm:Describe*",
                "ssm:Get*",
                "ssm:List*"
            ],
            "Resource": "*"
        }
    ]
}
  4. Click Next
  5. Name the policy: cyberoptix-readonly-policy
  6. Click Create policy

Step 3: Create Assume Role Policy

  1. Click Policies → Create policy
  2. Select JSON tab
  3. Paste the following policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::*:role/CyberOptixReadOnlyAssumeRole"
        }
    ]
}
  4. Click Next
  5. Name the policy: cyberoptix-assume-role-policy
  6. Click Create policy

Part 2: Create IAM Service Account

Step 1: Create User

  1. Navigate to IAM → Users → Create user
[Screenshot: Create User Button]
  2. Enter a username: cyberoptix-svc-account
  3. Do NOT select "AWS Management Console access"
  4. Click Next
[Screenshot: New AWS User]

Step 2: Attach Policies

  1. Select Attach policies directly
[Screenshot: Attach Policies]
  2. Select both policies created in Part 1:
    • cyberoptix-readonly-policy
    • cyberoptix-assume-role-policy
  3. Click Next → Create user

Step 3: Create Access Keys

  1. Click on the newly created user
  2. Navigate to the Security credentials tab
[Screenshot: Security Credentials]
  3. Scroll to Access keys → Create access key
[Screenshot: Access Keys]
  4. Select Application running outside AWS
  5. Click Next
[Screenshot: Application Outside AWS]
  6. Add a description tag (optional)
  7. Click Create access key
  8. Save the Access Key ID and Secret Access Key; you'll need them in Part 4. The Secret Access Key is shown only once.
[Screenshot: Copy Keys]

Part 3: Configure Cross-Account Role (Multi-Account Setup)

Skip this section if you only have a single AWS account.

Repeat these steps in each AWS account you want to integrate with CyberOptix.

Step 1: Create IAM Role

  1. Navigate to IAM → Roles → Create role
  2. Select Custom trust policy
[Screenshot: Custom Trust Policy]
  3. Paste the following trust policy (replace XXXXXXXXXXX with your management account ID):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXXXXXX:user/cyberoptix-svc-account"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
  4. Click Next

Step 2: Attach AWS Managed Policies

  1. Toggle the filter to All types
  2. Select the following AWS managed policies:
    • ReadOnlyAccess
    • CloudWatchReadOnlyAccess
    • AmazonSSMReadOnlyAccess
  3. Click Next

Step 3: Name the Role

  1. Enter role name: CyberOptixReadOnlyAssumeRole
  2. Click Create role

Important: The role name must be exactly CyberOptixReadOnlyAssumeRole to match the assume role policy created in Part 1.
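The following is an added example, not CyberOptix's own tooling: an offline cross-check of the policy documents from Parts 1 and 3 that you can run before adding the integration. It builds each member account's role ARN the way IAM does, tests that ARN against the assume-role policy's Resource pattern, confirms the member trust policy names the management-account service user, and flags any action in the read-only policy that is not a Describe/Get/List call. It also accepts a role name given with a path, as the Part 4 note allows. The account IDs and the path-bearing role name are constructed values.

```python
import json
import re

SVC_USER = "cyberoptix-svc-account"  # service user from Part 2
MGMT_ACCOUNT = "111111111111"  # constructed placeholder for the management account ID

# Constructed copy of the Part 1 policy cyberoptix-assume-role-policy.
ASSUME_ROLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Resource": "arn:aws:iam::*:role/CyberOptixReadOnlyAssumeRole"}]}""")

def as_list(v):  # IAM accepts a single string or a list in Action/Resource/Principal
    return v if isinstance(v, list) else [v]

def trust_policy(mgmt_account):
    """Part 3 trust policy with the management account ID filled in."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{mgmt_account}:user/{SVC_USER}"},
            "Action": "sts:AssumeRole"}]}

def iam_match(pattern, value):
    """IAM resource matching: '*' spans any characters, '?' exactly one; case-sensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None

def role_arn(account_id, role):
    """Build a role ARN; 'role' may carry a path such as '/path/Name'."""
    path, _, name = role.rpartition("/")
    return f"arn:aws:iam::{account_id}:role{path}/{name}"

def non_read_actions(policy):
    """Actions whose verb is not Describe/Get/List: a least-privilege check for Part 1."""
    acts = [a for s in policy["Statement"] for a in as_list(s["Action"])]
    return [a for a in acts if not a.partition(":")[2].startswith(("Describe", "Get", "List"))]

def check_member_account(member_id, member_trust, member_role, mgmt_account=MGMT_ACCOUNT):
    """Return the problems found for one member account (an empty list means OK)."""
    problems = []
    principal = f"arn:aws:iam::{mgmt_account}:user/{SVC_USER}"
    trusted = [p for s in member_trust["Statement"] if "sts:AssumeRole" in as_list(s["Action"])
               for p in as_list(s["Principal"].get("AWS", []))]
    if principal not in trusted:
        problems.append(f"{member_id}: trust policy does not trust {principal}")
    arn = role_arn(member_id, member_role)  # the ARN CyberOptix will try to assume
    covered = any(s["Effect"] == "Allow" and "sts:AssumeRole" in as_list(s["Action"])
                  and any(iam_match(r, arn) for r in as_list(s["Resource"]))
                  for s in ASSUME_ROLE_POLICY["Statement"])
    if not covered:
        problems.append(f"{member_id}: assume-role policy does not cover {arn}")
    return problems
```

A role created under a path is reported as uncovered, because the Part 1 assume-role policy names the role without a path; if you use a path, widen that policy's Resource to include it.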


Part 4: Add Integration to CyberOptix

Step 1: Navigate to Integrations

  1. Log in to CyberOptix
  2. Navigate to Integrations → Available Integrations
[Screenshot: Available Integrations]

Step 2: Create AWS Integration

  1. Select AWS as the integration type
[Screenshot: AWS Integration]
  2. Enter the credentials from Part 2, Step 3:
    • Access Key ID: from the service account access keys
    • Secret Access Key: from the service account access keys
    • AWS Assume Role: CyberOptixReadOnlyAssumeRole

Note: If the role is in a directory, include the full path (e.g., /path/CyberOptixReadOnlyAssumeRole).

[Screenshot: AWS Integration Keys]
  3. Click Submit

Step 3: Verify Integration

The integration will appear in your Active Integrations list. CyberOptix will begin discovering AWS resources within a few minutes.


Permission Summary

IAM Service Account Policies

Policy                          Purpose
------------------------------  ----------------------------------------------------------
cyberoptix-readonly-policy      Read EC2, CloudWatch, SSM, and list organization accounts
cyberoptix-assume-role-policy   Assume cross-account roles

Cross-Account Role Permissions

AWS Managed Policy          Purpose
--------------------------  ----------------------------------------------------
ReadOnlyAccess              Read all AWS resources
CloudWatchReadOnlyAccess    Read CloudWatch metrics and logs
AmazonSSMReadOnlyAccess     Read Systems Manager parameters and configurations

What Data CyberOptix Collects

CyberOptix performs read-only operations on the following AWS resources:

Compute & Networking:

  • EC2 instances, AMIs, snapshots, volumes
  • VPCs, subnets, security groups, network interfaces
  • Elastic Load Balancers, Auto Scaling Groups

Monitoring & Management:

  • CloudWatch metrics, alarms, and logs
  • Systems Manager parameters and patch compliance
  • AWS Config rules and compliance status

Organization:

  • AWS Organization accounts list
  • Account metadata and structure

Additional Resources