Installing AWS IAM

AWS Integration with Trustle.

Welcome to the tutorial on installing the AWS integration with Trustle! This section shows how to set up your AWS environment and connect it to Trustle. Let's get started!

Prerequisites

To complete this tutorial, you'll need an AWS account. If you don't already have one you can use as a dev sandbox, sign up for a free (pay as you go) AWS account here.

NOTE: The AWS-specific steps of this tutorial (an IAM user, two managed policies, an access key, and the CloudFormation stack that creates them) do not incur AWS billing charges.

Installing the AWS Integration

To enable Trustle to communicate with your AWS account, you first need to install the Trustle AWS Connector.

Once installed and configured, the Trustle AWS connector:

  1. Monitors AWS IAM and provides a full read-out on all accounts, privileges, and policies on the platform.
  2. Detects identity-related threats and recommends mitigations.
  3. Implements AWS IAM permissions request workflows, and if enabled, the automated provisioning and deprovisioning of permissions based on the workflow state.
  4. Tracks account security data and usage.
  5. Calculates a Risk Score for each policy and account in your system.

Configuring the Trustle Connector User

The Trustle AWS Integration requires three components in your AWS account so that Trustle can communicate with it:

  1. An IAM user named trustle-connector.
  2. Two customer managed policies attached to trustle-connector, named trustle-read and trustle-write.
  3. An access key pair for the trustle-connector user.

The following procedure uses CloudFormation to describe and provision the trustle-connector resources into your AWS environment in a safe, repeatable way.

Create the IAM User, Policies, and Access

To create the user and policies via CloudFormation and the AWS CLI:

  1. Log in to the AWS Console as an administrator.
  2. Select the region you wish to run CloudFormation in from the upper right corner of the AWS Console. IAM is a global service, so the user and policies created here are usable from every region regardless of which one you pick.
  3. Click this link to prepopulate the Create Stack wizard with the trustle-connector CloudFormation template.
  4. Check the acknowledgement checkbox at the bottom of the page; it confirms that you accept the template creating IAM resources with custom names.
  5. Click Create change set.

The Create Change Set dialog appears.

  1. Accept the defaults, and click Create change set.
  2. To inspect the exact resources being created, click through the Template and Changes tabs.
  3. When you are ready to create the resources, click the refresh button on the Overview panel, and then click Execute change set.

NOTE: The trustle-connector can run in either read-only or read/write mode. You control Trustle's read/write functionality from within the Trustle application itself (write is disabled by default). If you prefer, you can also disable write access at the IAM level by detaching the trustle-write managed policy from the trustle-connector user after stack creation completes. With only trustle-read attached, the connector cannot modify IAM even if write mode is later enabled in Trustle, which is the stronger guarantee of the two.

If you keep write access disabled at the IAM level while you experiment with Trustle's read-only features, you can re-attach the trustle-write managed policy to the trustle-connector user later.

The Execute change set dialog page appears.

  1. Accept the defaults on the dialog, and click Execute change set.
  2. Once the stack creation is complete, you can view your newly created user and associated permissions via the IAM user detail page for trustle-connector.
  3. Create an access key for the user with the AWS CLI via the following command (CloudShell works if you are already signed in to the console with the required access):
aws iam create-access-key --user-name trustle-connector

Keep the returned AccessKeyId and SecretAccessKey for the next section. The secret is shown only once, at creation time, and cannot be retrieved later; if you lose it, delete the key and create a new one. Follow best practices to protect the credentials you just created: store them in a secrets manager rather than in shell history, chat, or source control.
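Once the stack has been created, it is worth confirming from the CLI that trustle-connector ended up with exactly the permissions described above and a single active access key. The following Python script is an added example, not part of this tutorial or of Trustle's own tooling. It consumes the JSON that `aws iam list-attached-user-policies --user-name trustle-connector` and `aws iam list-access-keys --user-name trustle-connector` return, classifies the IAM-level mode (read-only versus read/write, as in the note above) and flags drift such as an extra managed policy or a second active key. The embedded documents are constructed samples in the shape those commands produce; the account ID and access key IDs are placeholders.

```python
import json

# IAM user and customer managed policies that the tutorial's CloudFormation stack creates.
CONNECTOR_USER = "trustle-connector"
EXPECTED_POLICIES = {"trustle-read", "trustle-write"}


def attached_policy_names(attached_policies_doc):
    """Managed policy names from `aws iam list-attached-user-policies` output."""
    return {p["PolicyName"] for p in attached_policies_doc.get("AttachedPolicies", [])}


def connector_mode(attached_policies_doc):
    """Classify the connector's IAM-level mode.

    "read-only"     only trustle-read is attached
    "read-write"    trustle-read and trustle-write are attached
    "misconfigured" trustle-read is missing, or a non-Trustle policy is attached
    """
    names = attached_policy_names(attached_policies_doc)
    if "trustle-read" not in names or names - EXPECTED_POLICIES:
        return "misconfigured"
    return "read-write" if "trustle-write" in names else "read-only"


def unexpected_policies(attached_policies_doc):
    """Attached managed policies that are neither trustle-read nor trustle-write."""
    return sorted(attached_policy_names(attached_policies_doc) - EXPECTED_POLICIES)


def active_access_keys(access_keys_doc):
    """Key IDs with Status == Active from `aws iam list-access-keys` output."""
    return [k["AccessKeyId"] for k in access_keys_doc.get("AccessKeyMetadata", [])
            if k.get("Status") == "Active"]


def audit_connector(attached_policies_doc, access_keys_doc):
    """Return (mode, findings). An empty findings list means the user matches the
    setup this tutorial produces: only the two Trustle policies attached and exactly
    one active access key. Read-only mode is a legitimate choice, not a finding."""
    findings = []
    mode = connector_mode(attached_policies_doc)
    names = attached_policy_names(attached_policies_doc)
    extra = unexpected_policies(attached_policies_doc)
    if "trustle-read" not in names:
        findings.append("trustle-read is not attached; the connector cannot read IAM")
    if extra:
        findings.append("unexpected managed policies attached: " + ", ".join(extra))
    keys = active_access_keys(access_keys_doc)
    if not keys:
        findings.append("no active access key; Trustle cannot authenticate")
    elif len(keys) > 1:
        findings.append("more than one active access key; rotate and deactivate the old one")
    return mode, findings


# Constructed sample documents (not captured from a real account). 123456789012 is the
# usual placeholder account ID; the key IDs are the example IDs used in AWS documentation.
READ_WRITE_DOC = json.loads("""{"AttachedPolicies": [
  {"PolicyName": "trustle-read",  "PolicyArn": "arn:aws:iam::123456789012:policy/trustle-read"},
  {"PolicyName": "trustle-write", "PolicyArn": "arn:aws:iam::123456789012:policy/trustle-write"}]}""")
READ_ONLY_DOC = json.loads("""{"AttachedPolicies": [
  {"PolicyName": "trustle-read", "PolicyArn": "arn:aws:iam::123456789012:policy/trustle-read"}]}""")
OVERPRIVILEGED_DOC = json.loads("""{"AttachedPolicies": [
  {"PolicyName": "trustle-read", "PolicyArn": "arn:aws:iam::123456789012:policy/trustle-read"},
  {"PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]}""")
ONE_KEY_DOC = json.loads("""{"AccessKeyMetadata": [
  {"UserName": "trustle-connector", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
   "Status": "Active", "CreateDate": "2024-01-15T10:00:00+00:00"}]}""")
TWO_KEYS_DOC = json.loads("""{"AccessKeyMetadata": [
  {"UserName": "trustle-connector", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
   "Status": "Active", "CreateDate": "2024-01-15T10:00:00+00:00"},
  {"UserName": "trustle-connector", "AccessKeyId": "AKIAI44QH8DHBEXAMPLE",
   "Status": "Active", "CreateDate": "2024-06-01T09:30:00+00:00"}]}""")

if __name__ == "__main__":
    for label, doc in [("read-write", READ_WRITE_DOC), ("read-only", READ_ONLY_DOC),
                       ("overprivileged", OVERPRIVILEGED_DOC)]:
        print(label, audit_connector(doc, ONE_KEY_DOC))
    print("two keys", audit_connector(READ_WRITE_DOC, TWO_KEYS_DOC))
```

To audit a real account, save the two command outputs to files and call audit_connector(json.load(open("policies.json")), json.load(open("keys.json"))). Switching the IAM-level mode is the operation the note above describes: `aws iam detach-user-policy --user-name trustle-connector --policy-arn <ARN of trustle-write>` makes the connector read-only at the IAM level, and `aws iam attach-user-policy` with the same arguments restores write access.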

Connect to Trustle

Now that you have the access key, paste the AccessKeyId and SecretAccessKey into the AWS System in Trustle to connect your Organization.

Settings

Now that the AWS System is installed, head over to the Settings tab within the System, and change these settings:

  • Default Provisioning to Manual, Interactive, or Automatic. This turns on the System.
  • Visibility to Visible. This allows your Users to see the System.
  • Check Initiate Deprovisioning When Access Expires.

You're done! We look forward to helping you secure your AWS Organization with Trustle.

Harry Drake

Principal Sales Engineer