Authentication Settings

AWS Integration

By configuring authentication settings for AWS, you can add the following features to FutureVuls:

Integration Procedure

AWS authentication information can be configured in two ways. We recommend using IAM roles, which are more secure and easier to set up.

Using IAM Roles for Authentication

Configure IAM role integration with the following steps:

Open the external settings for FutureVuls and click “Add” in AWS.

Select authentication with IAM roles, enter the AWS Account ID and Region, and proceed to the next step.

Click the link to configure CloudFormation and execute CloudFormation.

  • If integration has already been completed for another group, select FutureVulsAssumeRole from CloudFormation > Stacks on AWS to obtain the value of FutureVulsExternalID.

After the execution is complete, return to the FutureVuls configuration screen and proceed to the next step.

At this point, the authentication information is automatically checked for validity, and if it is valid, the settings are saved.

Once the authentication information is displayed, the authentication configuration is complete.

Authentication method using API key

We recommend using the IAM role authentication method over this method. Use this method only if the IAM role authentication method is not available.

To authenticate using AccessKey and SecretKey, open the FutureVuls external settings and click “Add” in the AWS card.

Select authentication using an API key and execute CloudFormation. Issue an API key for the IAM that was created, enter the access key, secret key, and region, and proceed to the next step. At this point, the authentication information is automatically checked for validity, and if it is valid, it is saved.

If the authentication information is displayed, the setup is complete.

Configuration Deletion

Click the trash can button in the authentication information section.

If you want to delete authentication information related to FutureVuls AWS from your AWS environment, delete the CloudFormation stack that was executed during authentication setup.

Policies used by FutureVuls

The AWS policies used by the FutureVuls AWS integration are as follows. They may change in the future to enhance the integration.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeTags",
                "ssm:DescribeInstanceInformation",
                "ssm:ListDocuments",
                "ssm:ListCommandInvocations",
                "ecr:GetAuthorizationToken",
                "ecr:DescribeImages",
                "ecr:BatchGetImage",
                "ecr:DescribeImageScanFindings",
                "ecr:GetRepositoryPolicy",
                "inspector2:ListFindings",
                "inspector2:ListCoverage"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ssm:DescribeDocument",
                "ssm:SendCommand"
            ],
            "Resource": "arn:aws:ssm:*:*:document/FutureVuls*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ssm:SendCommand"
            ],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Effect": "Allow"
        }
    ]
}
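
The following is an added example, not FutureVuls code: a simplified evaluator for reviewing what the policy above grants before you deploy it. It models only this policy's Allow statements with IAM-style wildcard matching (no Deny, conditions or SCPs), and the account ID, region, instance ID and the document name FutureVulsExample are constructed placeholders.

```python
import re

# Statements from the policy on this page, as (actions, resource) pairs; all are Allow.
STATEMENTS = [
    (["ec2:DescribeInstances", "ec2:DescribeTags",
      "ssm:DescribeInstanceInformation", "ssm:ListDocuments",
      "ssm:ListCommandInvocations", "ecr:GetAuthorizationToken",
      "ecr:DescribeImages", "ecr:BatchGetImage",
      "ecr:DescribeImageScanFindings", "ecr:GetRepositoryPolicy",
      "inspector2:ListFindings", "inspector2:ListCoverage"], "*"),
    (["ssm:DescribeDocument", "ssm:SendCommand"],
     "arn:aws:ssm:*:*:document/FutureVuls*"),
    (["ssm:SendCommand"], "arn:aws:ec2:*:*:instance/*"),
]

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def allowed(action, resource):
    """True if some Allow statement covers this action on this resource."""
    return any(
        _match(res, resource) and any(_match(a, action, True) for a in actions)
        for actions, res in STATEMENTS
    )

def can_send_command(document_arn, instance_arn):
    """SendCommand is authorized against every resource in the request,
    so both the document and the target instance must be allowed."""
    return (allowed("ssm:SendCommand", document_arn)
            and allowed("ssm:SendCommand", instance_arn))

def write_actions():
    """Actions that are not read-only by name (Describe/List/Get/BatchGet prefixes)."""
    read = re.compile(r"^[a-z0-9]+:(Describe|List|Get|BatchGet)")
    return sorted({a for acts, _ in STATEMENTS for a in acts if not read.match(a)})

# Constructed sample ARNs (account ID, region and names are placeholders).
INSTANCE = "arn:aws:ec2:ap-northeast-1:111122223333:instance/i-0123456789abcdef0"
FV_DOC = "arn:aws:ssm:ap-northeast-1:111122223333:document/FutureVulsExample"
SHELL_DOC = "arn:aws:ssm:ap-northeast-1::document/AWS-RunShellScript"

if __name__ == "__main__":
    print("non-read actions:", write_actions())
    print("FutureVuls* document:", can_send_command(FV_DOC, INSTANCE))
    print("AWS-RunShellScript:", can_send_command(SHELL_DOC, INSTANCE))
```

The only non-read action is ssm:SendCommand, and the document ARN pattern is what limits it: any SSM document in the account whose name starts with FutureVuls can be run on any instance, so control who can create documents with that prefix.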