- July 6, 2023: AWS Orgs now available.
- April 27, 2023: No longer in beta.
- October 19, 2022: Scan an entire AWS tree; Create stack instructions if using AWS Org; New template permissions: “organizations:ListAccountsForParent”, “organizations:ListOrganizationalUnitsForParent”, & “organizations:ListRoots”
Cloud Infrastructure for Amazon Web Services (AWS) allows us to monitor your company’s cloud IP footprint and automatically update it when addresses are changed or replaced.
Setting up this feature takes less than 15 minutes. Once complete, we begin collecting your IPs and a self-published report is generated within 3-5 business days. Your AWS infrastructure will be updated daily.
To sync an entire AWS tree of accounts, including all of its organizational units, into a Bitsight entity in a single setup, use the AWS Management Account ID and follow the AWS Orgs instructions.
Step 1: Integrate Amazon Web Services (AWS)/Add Account
Enable Cloud Infrastructure for AWS by creating a new AWS role dedicated to Bitsight with CloudFormation. Having Bitsight assume this role allows the automated discovery of publicly-assigned IPs associated with your company in AWS. This cross-account role method is recommended by the AWS Technical Account Management team to grant specific permissions to another party.
You must have CloudFormation stack setup permissions in AWS to complete Cloud Infrastructure setup.
Integrate AWS by providing your AWS Account ID and AWS Region, and then creating an AWS CloudFormation stack. We will connect to your AWS account with limited permissions. We use this access to identify your public, AWS-assigned resources as attributed infrastructure.
- Enter and confirm your AWS Account ID in the provided fields. Your 12-digit account ID is displayed under your user name in the AWS platform dropdown menu.
- Select the AWS Region your AWS account and user are in. The correct AWS Region is necessary for the integration to work. If your AWS Region is not in the list of options, please contact support to get it supported.
- Select Continue.
Step 2: Create CloudFormation Stack
To create a CloudFormation Stack:
- Select Continue Process in CloudFormation to open a new stack creation tab in your instance of AWS using the Bitsight Cloud Infrastructure template. Only deploy the Stack and/or StackSets to the same single region selected previously on the Bitsight UI. Don’t worry - we still scan assets in all your regions.
- In the AWS Create stack page, specify a template. See permissions that are included in the template.
- Select the Next button at the bottom-right.
- Select the I acknowledge that AWS CloudFormation might create IAM resources with custom names checkbox.
- Select Submit.
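The checkbox above acknowledges that the stack creates IAM resources, so it is worth reviewing what role the template defines before submitting. The following is an added example, not Bitsight's code or template: it audits a JSON-form CloudFormation template with literal values and reports any trusted principal outside the expected account and any allowed action that is not a read-only verb. The sample template, the role name `ScannerRole`, the `ec2:DescribeAddresses` action and the account ID `111111111111` are constructed placeholders; only the three `organizations:` actions come from this page.

```python
import json

# Constructed sample template, NOT the vendor's real one; 111111111111 is a placeholder ID.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"ScannerRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"}, "Action": "sts:AssumeRole"}]},
  "Policies": [{"PolicyName": "discovery", "PolicyDocument": {"Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
      "ec2:DescribeAddresses",
      "organizations:ListAccountsForParent",
      "organizations:ListOrganizationalUnitsForParent",
      "organizations:ListRoots"]}]}}]}}}}
""")

READ_ONLY_VERBS = ("Describe", "List", "Get")  # read-only naming convention

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_template(template, expected_account):
    """Return findings for each AWS::IAM::Role in a JSON CloudFormation template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        # Trust policy: every principal must belong to the expected account.
        for stmt in _as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", [])):
            principal = stmt.get("Principal", "*")
            values = ([v for vs in principal.values() for v in _as_list(vs)]
                      if isinstance(principal, dict) else [principal])
            for p in values:
                if expected_account not in str(p):
                    findings.append(f"{name}: unexpected trusted principal {p}")
        # Inline policies: flag any allowed action that is not a read-only verb.
        for policy in props.get("Policies", []):
            for stmt in _as_list(policy["PolicyDocument"]["Statement"]):
                if stmt.get("Effect") != "Allow":
                    continue
                for action in _as_list(stmt.get("Action", [])):
                    if not action.split(":", 1)[-1].startswith(READ_ONLY_VERBS):
                        findings.append(f"{name}: non-read-only action {action}")
        # Managed policies are opaque here and need separate review.
        for arn in props.get("ManagedPolicyArns", []):
            findings.append(f"{name}: managed policy attached, review {arn}")
    return findings

if __name__ == "__main__":
    print(audit_template(SAMPLE_TEMPLATE, "111111111111") or "no findings")
```

An empty result means only that the role matches the naming convention checked here; a `Get` action on sensitive data still deserves a manual look.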
Creating a Stack While Using AWS Orgs (Optional)
If you’re using AWS Orgs, ensure you’ve already created a stack and then create another stack set with service management permissions by following AWS instructions.
Step 3: Set up AWS Self-Published Company/Create Self-Published Company
A new self-published company based on the AWS infrastructure in the account you added will be created. This way, you can have a self-published company and rating for your AWS infrastructure. Self-published companies are managed like any other subsidiary in your Ratings Tree. The new company is classified as company-provided infrastructure, as the IPs are provided via an automated sync with your company.