Securely integrating your Amazon Web Services (AWS) account with BreachBits can be done in 4 steps:
1. Get the required BreachBits details from your Dashboard. In your BreachBits Dashboard, go to the Scope page and select Add New Integration.
Select AWS as the cloud environment for the integration.
You will now see the 3 pieces of information needed to create your AWS integration. Keep this page open so you can refer to these details as you enable the integration in AWS. These details are:
Account ID: This is the BreachBits AWS Account ID needed to create an AWS role for BreachBits.
External ID: This is a unique identifier for your organization that increases the security of the integration.
Policy Definition: This is the definition of the policy needed by BreachBits to retrieve a list of your key AWS resources. This policy can be copied using the clipboard button.
2. Create an AWS Policy for BreachBits. Log into your AWS account and navigate to the AWS IAM page. In the Access Management menu, select 'Policies'.
On the Policies page, select 'Create Policy' at the top of the page.
In the Policy Editor, select the 'JSON' tab.
In the 'JSON' tab, delete all text in the editor (typically Version and an empty Statement list). Then, take the text copied from the BreachBits Policy Definition in step 1 and paste it into the editor. When complete, select 'Next'.
(Optional) On the next page, you can add tags to your policy. Once complete, select 'Next' again.
To complete your AWS Policy for BreachBits, give it a name you will recognize and select 'Complete Policy' at the bottom of the page.
3. Create an AWS Role for BreachBits. In the AWS IAM menu, select 'Roles'.
On the Roles page, select 'Create Role'.
Create the role for BreachBits using the Account ID and External ID from step 1.
On the 'Add Permissions' page, select the Policy created in Step 2. Select 'Next'.
On the 'Review' page, give the role a name (required), description (optional) and any tags desired (optional). Then select 'Create Role'.
Lastly, return to the 'Roles' page from the IAM menu and select the role that was just created.
Find the Amazon Resource Name (ARN) for the newly-created role and copy it. This is the last piece of information needed to complete the integration.
4. Complete the integration with the AWS ARN. Return to the BreachBits Dashboard. Scroll to the bottom to find the place to enter the AWS ARN. Once you have entered it, select Add AWS Integration.
Congratulations! You have integrated your AWS infrastructure with BreachBits. You should see an entry in the cloud integrations table for the new AWS integration. If you click the View button, you can get a live view of the resources BreachBits has visibility of through the integration.
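As an added example (not BreachBits code), this Python script checks the role created in step 3: that its trust policy admits only the expected account with the External ID condition, and that the attached policy grants only read-style actions. The account ID, External ID and both policy documents are constructed placeholders; the real values come from your Dashboard and from the role in IAM.

```python
# Added example: constructed placeholders, not real BreachBits values.
ACCOUNT_ID = "111122223333"           # placeholder for the BreachBits Account ID
EXTERNAL_ID = "example-external-id"   # placeholder for your External ID
READ_VERBS = ("Describe", "Get", "List")  # assumption: verbs treated as read-only

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it is as expected."""
    findings = []
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):      # e.g. "Principal": "*"
            findings.append(f"wildcard principal: {principal}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or value not in allowed:
                    findings.append(f"unexpected principal: {kind}={value}")
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if ext != external_id:
            findings.append("sts:ExternalId condition missing or wrong")
    return findings

def audit_permissions(policy):
    """Flag Allow statements that grant anything beyond read-style actions."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction used in an Allow statement")
        for action in _as_list(stmt.get("Action", [])):
            if not action.split(":", 1)[-1].startswith(READ_VERBS):
                findings.append(f"not read-only: {action}")
    return findings

# Constructed samples in the shape of an IAM trust policy and permissions policy.
TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]}
PERMS = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeInstances", "s3:ListAllMyBuckets", "iam:PassRole"]}]}

if __name__ == "__main__":
    print(audit_trust_policy(TRUST, ACCOUNT_ID, EXTERNAL_ID), audit_permissions(PERMS))
```

The verb check is a heuristic: a 'Get' action can still return data, so review any action you do not recognize against the Policy Definition shown in your Dashboard.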
What happens next?
Now that your AWS infrastructure is integrated with BreachBits, each upcoming BreachRisk™ assessment will query your AWS infrastructure details from the integration and include them in your attack surface, where they will be searched for publicly-accessible threats that can be discovered, monitored and tested.