# Amazon Web Services (AWS)

CybrHawk's AWS integration provides best practice assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness, and also offers remediations.

## Requirements

CybrHawk requires an AWS Access Key ID and the associated AWS Secret Access Key. Please find relevant AWS documentation at <https://docs.aws.amazon.com/IAM/latest/UserGuide/id\\_credentials\\_access-keys.html>.

## Step 1. Create an AWS User with Required Permissions

To get started, create an AWS user with an IAM role attached holding the following policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "account:Get*",
        "appstream:Describe*",
        "appstream:List*",
        "backup:List*",
        "bedrock:List*",
        "bedrock:Get*",
        "cloudtrail:GetInsightSelectors",
        "codeartifact:List*",
        "codebuild:BatchGet*",
        "codebuild:ListReportGroups",
        "cognito-idp:GetUserPoolMfaConfig",
        "dlm:Get*",
        "drs:Describe*",
        "ds:Get*",
        "ds:Describe*",
        "ds:List*",
        "dynamodb:GetResourcePolicy",
        "ec2:GetEbsEncryptionByDefault",
        "ec2:GetSnapshotBlockPublicAccessState",
        "ec2:GetInstanceMetadataDefaults",
        "ecr:Describe*",
        "ecr:GetRegistryScanningConfiguration",
        "elasticfilesystem:DescribeBackupPolicy",
        "glue:GetConnections",
        "glue:GetSecurityConfiguration*",
        "glue:SearchTables",
        "lambda:GetFunction*",
        "logs:FilterLogEvents",
        "lightsail:GetRelationalDatabases",
        "macie2:GetMacieSession",
        "macie2:GetAutomatedDiscoveryConfiguration",
        "s3:GetAccountPublicAccessBlock",
        "shield:DescribeProtection",
        "shield:GetSubscriptionState",
        "securityhub:BatchImportFindings",
        "securityhub:GetFindings",
        "servicecatalog:Describe*",
        "servicecatalog:List*",
        "ssm:GetDocument",
        "ssm-incidents:List*",
        "support:Describe*",
        "tag:GetTagKeys",
        "wellarchitected:List*"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Sid": "AllowMoreReadForProwler"
    },
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:GET"
      ],
      "Resource": [
        "arn:aws:apigateway:*::/restapis/*",
        "arn:aws:apigateway:*::/apis/*"
      ]
    }
  ]
}
```

## Step 2. Generate Access Keys

Then, generate an access token for a new user with these permissions assigned. Make sure to save the secret key, as it only appears once. These can then be used to activate the integration.

## Step 3. Deploy the integration via the Portal

Navigate to Deployment > Integrations > click add. Further guidance is available in [Managing Integrations](/cybrhawk-docs/platform-management/managing-integrations.md).

Required:

* **Ensure the correct Tenant name is chosen from the drop-down**
* **AWS Access Key ID**
* **AWS Secret Access Key**

<figure><img src="/files/qo2Lrp3LK0Qma4LTg526" alt="" width="359"><figcaption></figcaption></figure>

## Support

If any issues, please reach out to **<socv2@cybrhawk.com>,** and our team will assist.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cybrhawksoc.gitbook.io/cybrhawk-docs/siem-integrations/public-cloud/aws.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.