Amazon Web Services - Manual Deployment

This guide walks you through manually integrating your AWS environment with Chariot to enable comprehensive security monitoring and vulnerability assessment across your cloud infrastructure. While we recommend using our Infrastructure as Code (IaC) integration for automated deployment and easier maintenance, the manual deployment process gives you full control over the integration setup while ensuring secure, read-only access to your AWS resources.


Prerequisites

Before starting the integration, ensure you have:

  • AWS CLI or console access with sufficient permissions to create IAM roles, policies, and CloudFormation stacks
  • Organization management administrator permissions (for Organization-level integration)
  • Account administrator permissions (for individual account integration)


Integration Process

Step 1 - Initiate Integration Setup

  1. Navigate to the Integrations section in your Chariot dashboard
  2. Click "Add Integration" and select "AWS"
  3. Choose your integration scope and follow the prompts

We recommend you integrate at the Organization level for more comprehensive and accurate coverage of security weaknesses across your environment. For Organization-level integration, you'll need to provide:

  • Account ID: Your AWS management account ID (12-digit number)
  • Deployment Type: Manual

For individual account integration, you'll need to provide:

  • Account ID: The specific AWS account ID you want to integrate
  • Deployment Type: Manual


Step 2 - Create Cloud Resources

The system generates a unique external ID for this integration when you submit the form with the required account information.

Copy this external ID, as you will use it in AWS later.

  1. Create an IAM role with the following configuration:
    • Role Name: chariot-integration-role
    • Trust Policy: Allow Chariot's AWS account to assume the role with your unique external ID (this is shown in the Chariot integration set-up modal)
    • Permissions: Attach the following AWS managed policies:
      • ReadOnlyAccess
      • SecurityAudit
      • AmazonInspector2ReadOnlyAccess
    • Additional Permissions: Create an inline policy with the following permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "a4b:Get*",
        "account:Get*",
        "codeartifact:List*",
        "drs:Describe*",
        "glue:GetConnections",
        "lambda:GetFunctionUrlConfig",
        "securityhub:BatchImportFindings",
        "ssm-incidents:List*",
        "support:Describe*",
        "wellarchitected:List*"
      ],
      "Resource": "*"
    }
  ]
}
  2. Trust Policy: Set the trust policy as follows after adding your unique external ID from above:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::992382785633:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "YOUR-UNIQUE-EXTERNAL-ID"
        }
      }
    }
  ]
}

NOTE: If you prefer manual setup (as opposed to infrastructure as code), you must ensure the appropriate role is created in ALL accounts (including the Organization management account) for the Organization-level integration.

NOTE: When integrating at the Organization level, if the role is not created in the Organization management account, our workloads will not be able to retrieve information about the other accounts and the integration will not yield results.
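As an added example (not part of this guide or the Chariot product), a small Python script that builds the trust policy above for a given external ID and refuses to emit it if the sts:ExternalId condition is missing, still set to the placeholder, or the principal is anything other than Chariot's account. The script name is an assumption; the account ARN and placeholder are taken from the guide.

```python
import json
import sys

# Values from the guide above. The check refuses the placeholder external ID,
# a missing sts:ExternalId condition, or a principal wider than Chariot's account.
CHARIOT_ACCOUNT_ARN = "arn:aws:iam::992382785633:root"
PLACEHOLDER_EXTERNAL_ID = "YOUR-UNIQUE-EXTERNAL-ID"


def build_trust_policy(external_id: str) -> dict:
    """The guide's trust policy with the external ID from the Chariot modal filled in."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": CHARIOT_ACCOUNT_ARN},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def trust_policy_problems(policy: dict) -> list:
    """Reasons not to apply this trust policy; an empty list means it is safe to use."""
    problems, seen_assume = [], False
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        seen_assume = True
        principal = stmt.get("Principal", {}).get("AWS", [])
        principal = [principal] if isinstance(principal, str) else principal
        if principal != [CHARIOT_ACCOUNT_ARN]:  # "*" or extra ARNs let others assume the role
            problems.append(f"principal must be exactly {CHARIOT_ACCOUNT_ARN}, got {principal}")
        ext_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext_id:  # without it, a third party could be made to assume the role for someone else
            problems.append("missing sts:ExternalId condition")
        elif ext_id == PLACEHOLDER_EXTERNAL_ID:
            problems.append("sts:ExternalId is still the placeholder from the guide")
    if not seen_assume:
        problems.append("no Allow statement for sts:AssumeRole")
    return problems


if __name__ == "__main__":  # usage: python check_trust_policy.py <external-id-from-chariot>
    policy = build_trust_policy(sys.argv[1] if len(sys.argv) > 1 else PLACEHOLDER_EXTERNAL_ID)
    if problems := trust_policy_problems(policy):
        sys.exit("Do not apply: " + "; ".join(problems))
    print(json.dumps(policy, indent=2))  # save as trust-policy.json for aws iam create-role
```

The printed document can be passed to `aws iam create-role --role-name chariot-integration-role --assume-role-policy-document file://trust-policy.json`; the same check can be run against a trust policy pulled from an existing role before you click "Finish".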


Step 3 - Complete the Integration

  1. After creating the necessary resources, return to the Chariot integration modal
  2. Click "Finish" to complete the integration

When you do this, Chariot will automatically:

  • Validate the integration by attempting to assume the deployed role
  • Verify that the assumed role grants the expected access to your AWS environment
  • Add the integration to your integrations list upon successful validation


Next Steps

Once your AWS integration is successfully configured, Chariot will begin discovering and analyzing your cloud infrastructure. Chariot is now able to inventory your resources and identify potential security vulnerabilities.

Monitor your integration status in Chariot, where you'll be able to view discovered assets, security findings, and compliance assessments across your AWS environment.


Support

If you encounter any issues during the integration process or need assistance with troubleshooting, please don't hesitate to reach out to our support team at support@praetorian.com. Our team is ready to help ensure your AWS integration is configured correctly and operating smoothly.