
Login to AWS console and go to IAM dashboard

  1. Login to the AWS Account via the AWS Management Console. Enter your 12-digit account number, click Next, and then enter your username and password to login.

  2. Once you are logged in, you will land on the home page with a search bar at the top.

  3. In the search bar, search for IAM and click on the search result called IAM.

  4. You will be redirected to the IAM dashboard.

Bring in IAM Users and Groups into Zilla


Create an IAM Role for IAM Users and Groups

Steps to create an IAM Role

  1. Click on Roles from the left hand side menu, then click the Create role button to create a new IAM Role.

  2. Under An AWS account, select Another AWS account and enter the 12-digit Account ID of Zilla (087210011007). Select the Options checkbox for ‘Require external ID’ and enter your tenant’s domain name in the External ID field. Click Next.

  3. On the permissions page, search for the policy SecurityAudit and select its checkbox. Click Next.

  4. Optionally add tags and click Next: Review.

  5. On the review page, enter the role name Zilla-IAM-Reader-Role and optionally add a description. Verify that the trusted entity account ID matches Zilla’s account ID (087210011007) and that the permissions section contains SecurityAudit. Click Create role.

  6. Once the role is created, you can search for it on the Roles tab and click on the role to check its details.

  7. On the role details page, double check the policy under Trust relationships: Trusted entities should show the Zilla Account ID (087210011007) and your domain name as the ExternalId condition.


Notes:

  1. Copy the Role ARN. For example: arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/Zilla-IAM-Reader-Role and keep it handy for later.

  2. Typically IAM Users and Groups are created against each AWS Account, so you will need to create the above role and policy for each of your AWS Accounts.

  3. Currently, the IAM Role and Policy creation to bring in IAM Users and Groups is mandatory in Zilla.


Bring SSO Users, Groups and Permission Sets into Zilla

To bring SSO Users, Groups and Permission Sets into an AWS app instance in Zilla, that AWS app instance must have an AWS Organizations app instance as its Parent Application.


Follow the steps here for AWS Organization Sync for this AWS app instance’s Parent Application: https://zilla.atlassian.net/wiki/pages/resumedraft.action?draftId=2210168855

Notes:

  1. The “Discover Child Apps” configuration should be set to “Yes” in the AWS Organizations App which is the parent of this AWS app.

  2. The “Sync AWS SSO accounts in Child AWS Apps” configuration should also be set to “Yes” in the AWS Organizations parent App.

  3. The AWS Organizations App adds SSO configurations to its child AWS apps. These SSO configurations are hidden in the child AWS apps.

  4. The configurations of the discovered AWS child Apps should not be edited manually. If the configurations are edited manually, the hidden SSO configurations are removed. To restore the hidden SSO configurations to this child AWS app, sync the Parent AWS Organizations App.

Refer to AWS - Hidden SSO configurations for more details.

Notes:
To sync all S3 buckets data, Zilla requires the following permissions to be allowed in the Zilla IAM Reader role:

  • ListAllMyBuckets

  • GetBucketLocation

  • GetBucketPolicy

  • GetBucketAcl

  • GetBucketPublicAccessBlock

  • GetBucketOwnershipControls

  • GetBucketPolicyStatus

  • GetEncryptionConfiguration

  • ListAccessPoints

  • GetAccessPoint

  • GetAccessPointPolicy

  • GetAccessPointPolicyStatus
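As an added example (not part of the Zilla documentation), the trust relationship from step 7 of the role setup and the S3 permission list above expressed as IAM policy documents, plus a check that a trust policy really restricts the role to Zilla's account with the ExternalId condition. The account ID and role purpose come from this page; the `s3:` action prefix, `"Resource": "*"` and the function names are assumptions.

```python
ZILLA_ACCOUNT_ID = "087210011007"  # Zilla's AWS account, as given in the setup steps

# The S3 read actions listed above, with the "s3:" prefix IAM requires.
# Assumption: each listed name maps to the IAM action of the same name.
S3_READ_ACTIONS = [
    "s3:ListAllMyBuckets", "s3:GetBucketLocation", "s3:GetBucketPolicy",
    "s3:GetBucketAcl", "s3:GetBucketPublicAccessBlock",
    "s3:GetBucketOwnershipControls", "s3:GetBucketPolicyStatus",
    "s3:GetEncryptionConfiguration", "s3:ListAccessPoints",
    "s3:GetAccessPoint", "s3:GetAccessPointPolicy",
    "s3:GetAccessPointPolicyStatus",
]

def build_trust_policy(external_id: str) -> dict:
    """Trust policy equivalent to 'Another AWS account' + 'Require external ID':
    only Zilla's account may assume the role, and only with your tenant domain."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ZILLA_ACCOUNT_ID}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def build_s3_read_policy() -> dict:
    """Supplemental policy granting the S3 read permissions listed above (assumed shape)."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": S3_READ_ACTIONS, "Resource": "*"}]}

def trust_policy_problems(policy: dict, external_id: str) -> list:
    """The step-7 'double check' as code: returns findings, empty when the trust
    policy is as expected. Flags a wildcard/wrong principal or a missing ExternalId."""
    problems = []
    statements = policy.get("Statement", [])
    if not statements:
        problems.append("no statements in trust policy")
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRole":
            continue
        principal = str(stmt.get("Principal", {}).get("AWS", ""))
        if ZILLA_ACCOUNT_ID not in principal:
            problems.append(f"trusted principal is not Zilla's account: {principal}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            problems.append("sts:ExternalId condition missing or does not match")
    return problems
```

Run `trust_policy_problems` against the JSON shown under Trust relationships in the console before saving the Role ARN; an empty list is the expected result.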

Set up AWS Application Integration on Zilla

  1. Login to Zilla at http://app.zillasecurity.com/.

  2. Once you are signed in, you will land on the Applications page.

  3. Click Add Application. You will see a library of all applications supported by Zilla.

  4. Type “aws” into the search bar to filter the results.

  5. Click on Add to Applications next to the Amazon Web Services entry. You will see a dialog box appear. All the fields are optional. Click Add to Applications.

  6. You will be redirected back to the Applications page and you will see the Amazon Web Services entry included in the list.

  7. Click the application instance to configure its integration.

  8. Click Sync now in the top right corner. You will see a dialog box appear.

  9. Click the slider under API Integration to enable it.

  10. Enter the Role ARN created above (for example: arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/Zilla-IAM-Reader-Role) and click Next.

  11. Click Next again.

  12. Your sync will begin. Once it completes, you will see a completion message.

  13. Click Done. You will then see a message confirming the sync completed successfully.

  14. You can close the message dialog and navigate to the Accounts tab to see the IAM Users from your AWS account.

  15. Next, click the Permissions tab to browse the permissions assigned to each user.

  16. Click the Resources tab to browse the AWS resources (S3 Buckets and S3 Access Points).

  17. Click the Profile tab to browse the AWS account Security Settings.
