Amazon Web Services
This page outlines the steps to enable AWS Integration with Zilla. We will be using the Delegate access across AWS accounts using IAM roles tutorial as a guide to allow you to delegate access of your AWS account to Zilla’s AWS account using AWS IAM Roles.
Bring in IAM Users and Groups into Zilla
To bring in IAM Users and Groups of an AWS Account, you need to create an IAM Role and attach an IAM Policy to it.
The next step is to create a cross account Role.
Create an IAM Role for IAM Users and Groups
Bring SSO Users, Groups and Permission Sets into Zilla
To Bring the SSO users, Groups and Permission sets into an AWS app instance in Zilla, this AWS app instance must have AWS Organization app instance as Parent Application.
Follow the steps for AWS Organization Sync for this AWS app instance’s Parent Application AWS Organization - API Integration
Notes:
“Discover Child Apps” configuration should be set to “Yes” in the AWS Organizations App which is parent of this AWS app.
“Sync AWS SSO accounts in Child AWS Apps” configuration should also be set to “Yes” in the AWS Organizations parent App.
The AWS Organizations App adds SSO configurations to its child AWS apps. These SSO configurations are hidden in the child AWS apps.
The configurations of the discovered AWS child Apps should not be edited manually. If the configurations are edited manually, it removes the hidden SSO configurations.
To restore the hidden SSO configurations to this child AWS app, sync the Parent AWS Organizations App.
Refer AWS - Hidden SSO configurations for more details.
Notes:
To sync all S3 buckets data, Zilla requires the following permissions to be allowed in the Zilla IAM Reader role:
ListAllMyBuckets
GetBucketLocation
GetBucketPolicy
GetBucketAcl
GetBucketPublicAccessBlock
GetBucketOwnershipControls
GetBucketPolicyStatus
GetEncryptionConfiguration
ListAccessPoints
GetAccessPoint
GetAccessPointPolicy
GetAccessPointPolicyStatus
Set up AWS Application Integration on Zilla
Login to Zilla at Zilla Security.
Once you are signed in, you will land on the
Applications
page.Click
Add Application
. You will see a library of all applications listed which are supported by Zilla.Type “aws” into the search bar to filter the results.
Click on
Add to Applications
next to theAmazon Web Services
entry. You will see a dialog box appear.All the fields are optional. Click
Add to Applications
.You will be redirected back to the Applications page and you will see the
Amazon Web Services
entry included in the list.Click the application instance to configure its integration.
Click
Sync now
in the top right corner. You will see a dialog box appear.Click the slider under API Integration to enable.
Enter the Role ARN. For example:
arn:aws:iam::<YOUR_AWS_ACCOUNT_ID>:role/Zilla-IAM-Reader-Role
created above. and clickNext
.Click
Next
again.Your sync will begin. Once it completes, you will see the below message.
Click
Done
. You will then see a message like this if the sync completed successfully.You can close the message dialog and navigate to the Accounts tab to the IAM Users from your AWS account.
Next, click the Permissions tab to browse the permissions assigned to each user.
Click the Resources tab to browse the AWS resources (S3 Buckets and S3 Access points).
Click the Profile tab to browse the AWS account Security Settings.