1). Created Policy
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource": [
            "arn:aws:s3:::aws-cloudtrail-logs-715178913690-6df5db81",
            "arn:aws:s3:::aws-cloudtrail-logs-715178913690-6df5db81/*"
          ]
        }
      ]
    }
2). Created IAM Group with the policy from #1
3). Create IAM User that belongs to the group from #2
4). Pull API Access Key and Secret Key from the user created in step #3
5). Modify the CloudTrail S3 bucket policy to add these statements
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::715178913691:user/Rapid7"
      },
      "Action": "s3:List*",
      "Resource": [
        "arn:aws:s3:::aws-cloudtrail-logs-715178913690-6df5db81",
        "arn:aws:s3:::aws-cloudtrail-logs-715178913690-6df5db81/*"
      ]
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::715178913691:user/Rapid7"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::aws-cloudtrail-logs-715178913690-6df5db81/*"
    }
6). Plug this into Rapid7
https://docs.rapid7.com/insightidr/aws-cloudtrail-api/
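
A check that can be run on the step 1 policy before the access key is handed to the collector, as an added example (not part of the original steps or of Rapid7's documentation): it expands the `s3:Get*` and `s3:List*` wildcards against a constructed, partial list of S3 actions and compares the result with the narrower `s3:GetObject` read access that the step 5 bucket policy grants. `NEEDED`, `make_policy`, `TIGHT_POLICY` and `audit` are hypothetical names, and the set of actions the collector needs is an assumption.

```python
import fnmatch
import json

# Constructed sample: a partial list of real S3 actions.
KNOWN_S3_ACTIONS = [
    "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectAcl",
    "s3:GetBucketPolicy", "s3:GetBucketAcl", "s3:GetBucketLocation",
    "s3:ListBucket", "s3:ListBucketVersions", "s3:PutObject", "s3:DeleteObject",
]
# Assumption: a log collector only has to list the bucket and read objects.
NEEDED = {"s3:ListBucket", "s3:GetObject"}
BUCKET = "arn:aws:s3:::aws-cloudtrail-logs-715178913690-6df5db81"

def make_policy(actions):
    """Build an identity policy shaped like step 1 with the given actions."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": actions,
        "Resource": [BUCKET, BUCKET + "/*"]}]}

STEP1_POLICY = make_policy(["s3:Get*", "s3:List*"])  # actions as in step 1
TIGHT_POLICY = make_policy(["s3:GetObject", "s3:ListBucket"])  # hypothetical

def as_list(value):
    # IAM accepts a single string or a list for Action; normalise to a list.
    return value if isinstance(value, list) else [value]

def matched_actions(policy):
    """Known actions matched by Allow statements; IAM matching ignores case."""
    matched = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt["Action"]):
            matched.update(a for a in KNOWN_S3_ACTIONS
                           if fnmatch.fnmatchcase(a.lower(), pattern.lower()))
    return matched

def audit(policy):
    """Compare what the policy matches against what the collector needs."""
    matched = matched_actions(policy)
    return {
        "excess": sorted(matched - NEEDED),
        "missing": sorted(NEEDED - matched),
        "write": sorted(a for a in matched if "Put" in a or "Delete" in a),
    }

if __name__ == "__main__":
    for name, policy in (("step1", STEP1_POLICY), ("tight", TIGHT_POLICY)):
        print(name, json.dumps(audit(policy)))
```

The `excess` list for the step 1 policy shows the read actions that `s3:Get*` and `s3:List*` match beyond object reads and bucket listing, such as reading the bucket policy and ACLs; neither policy matches any write action.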