This section describes how securiCAD can be used to analyze your AWS environments. In short, securiCAD collects configuration data from the environment and uses that data to run attack simulations.
To collect the required data, you need access to an IAM role or IAM User with read access to the accounts you want to analyze.
Create an IAM policy with at least the following permissions. These permissions give limited read access to the supported AWS services.
(Optional) Generate access keys for the IAM user.
The securiCAD AWS Collector reads environment information from the AWS APIs and stores the result in a JSON file. To call the AWS APIs, the collector must be configured with the credentials of an IAM user or IAM role that has the permissions described above.
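Before attaching the policy, it is worth checking that it really is read-only. The following script is an added example and is not part of securiCAD or the collector; it audits an IAM policy document and flags anything that is not a Describe/List/Get call, any wildcard action, any Allow-with-NotAction statement, and read-shaped actions that return data or secrets rather than metadata (an inventory collector should not need those). The sample policy and the list of data-returning actions are constructed for illustration and are not the permission list securiCAD requires.

```python
import fnmatch
import json

# Verbs that name metadata reads in IAM action names (IAM matches
# action names case-insensitively; the policy author's casing is assumed).
READ_PREFIXES = ("Describe", "List", "Get")

# Constructed, non-exhaustive list of actions that look like reads but
# return data or secret material rather than configuration metadata.
DATA_READ_ACTIONS = (
    "s3:GetObject",
    "secretsmanager:GetSecretValue",
    "ssm:GetParameter",
    "ssm:GetParameters",
    "ssm:GetParametersByPath",
)


def _as_list(value):
    """IAM allows a single string or a list in Statement/Action fields."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement index, action, reason) tuples for every grant that
    goes beyond metadata reads. An empty list means the policy is read-only
    by this heuristic."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow what Allow grants
        if "NotAction" in stmt:
            findings.append((i, "NotAction",
                             "Allow with NotAction grants every action not listed"))
        for action in _as_list(stmt.get("Action")):
            service, _, verb = action.partition(":")
            if action == "*" or not verb or verb == "*":
                findings.append((i, action, "wildcard action grants write access"))
                continue
            # 'ec2:Describe*' is fine; '*Instances' or 'TerminateInstances' is not
            if not verb.rstrip("*").startswith(READ_PREFIXES):
                findings.append((i, action, "not a Describe/List/Get action"))
                continue
            for data_action in DATA_READ_ACTIONS:
                if fnmatch.fnmatchcase(data_action, action):
                    findings.append((i, action, f"matches data read {data_action}"))
                    break
    return findings


def audit_policy_json(text):
    """Convenience wrapper for a policy document held as a JSON string."""
    return audit_policy(json.loads(text))


# Constructed sample policy: three of the six actions overshoot read access.
CONSTRUCTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:Describe*", "iam:ListUsers", "iam:GetRole",
                       "s3:GetObject", "ec2:TerminateInstances", "lambda:*"],
            "Resource": "*",
        },
        {"Effect": "Deny", "Action": "iam:DeleteUser", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for index, action, reason in audit_policy(CONSTRUCTED_POLICY):
        print(f"statement {index}: {action}: {reason}")
```

Run it against the policy document you intend to attach to the collector's user or role; fix every finding before creating the access keys, since keys for an over-privileged principal turn a data-collection tool into a write path into the account.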
Install the securicad-aws-collector with pip:
pip install securicad-aws-collector
Below are a few examples of how to run the securiCAD AWS Collector. The script stores the collected data in a file named aws.json. Find more examples and options here.
Use credentials of an IAM user and a region:
securicad-aws-collector --access-key ACCESS_KEY --secret-key SECRET_KEY --region REGION
Use a pre-configured profile from ~/.aws/credentials or ~/.aws/config:
securicad-aws-collector --profile securicad
The resulting JSON file can be uploaded directly into securiCAD Vanguard by selecting the AWS CLI Script option.
Alternatively, the generated access keys can be entered directly in securiCAD Vanguard, which then runs the AWS collector script for you.