Set up a Role for AWS SNS Alerts
To integrate with AWS SNS, Tenable Cloud Security requires a role with publish permission to the SNS topic.
Before you begin:
- Log in to the AWS web console with a user account with permission to create IAM roles.
  For more information about IAM roles, see Amazon's AWS Identity and Access Management User Guide.
To create a role for AWS SNS:
- In the AWS web console, go to Identity and Access Management (IAM).
- On the left navigation pane, click Roles.
  The Roles page appears.
- Click Create Role.
  The Create Role wizard appears.
- In the Select trusted entity page, do the following:
  - In the Trusted entity type section, select AWS Account.
  - In the An AWS Account section, select Another AWS Account.
  - In the Account ID box, type 012615275169.
    Note: 012615275169 is the account ID of the Tenable AWS account that you are establishing a trust relationship with to support AWS role delegation.
  - Under Options, click the Require External ID check box and type your Tenable Vulnerability Management Container UUID in the External ID box.
    Note: In Tenable Vulnerability Management, navigate to Settings > License to get your container UUID. For more information, see View Information about Your Tenable Vulnerability Management Instance.
  - Click Next.
- On the Add permission policies page, create a policy with the following JSON:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "sns:Publish",
          "Resource": "*"
        }
      ]
    }
- In the Name, review, and create page, do the following:
  - In the Role Details section, type a Role Name for the role.
  - (Optional) Add a role description in the Description box.
  - (Optional) Click Add Tags to add key-value pairs to AWS resources.
  - Click Create Role.
- To get the Role ARN and External ID of this new role for Tenable Cloud Security, do the following:
  - On the left navigation pane, click Roles.
  - Search for the role that you created.
  - In the Summary section, note the Role ARN value.
  - Click the Trust Relationships tab and note the value of the ExternalId field.
- Note down the following values:
  - Role ARN
  - External ID
  You need these values when configuring AWS SNS in Tenable Cloud Security.
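The following Python example is added here and is not taken from Tenable's documentation. It checks a role's trust policy against the steps above (trusted account 012615275169 plus the External ID condition) and reports where an sns:Publish permission policy uses a wildcard Resource. The function names, the placeholder External ID and the sample trust policies are constructed for illustration; the trust policy shape assumes what the wizard generates for Another AWS Account with Require External ID checked.

```python
TENABLE_ACCOUNT_ID = "012615275169"  # account ID from the steps above
EXTERNAL_ID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder UUID
def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_policy_findings(policy, external_id):
    """Return problems in a role trust policy; an empty list means it matches the steps."""
    allowed = {TENABLE_ACCOUNT_ID, f"arn:aws:iam::{TENABLE_ACCOUNT_ID}:root"}
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"unexpected principal: {principal!r}")
            continue
        for arn in _as_list(principal["AWS"]):
            if arn not in allowed:
                findings.append(f"unexpected trusted principal: {arn}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if _as_list(cond.get("sts:ExternalId", [])) != [external_id]:
            findings.append("sts:ExternalId condition missing or not the expected value")
    return findings

def publish_policy_findings(policy):
    """Flag Allow statements that grant sns:Publish on a wildcard Resource."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        grants = stmt.get("Effect") == "Allow" and "sns:Publish" in _as_list(stmt.get("Action", []))
        if grants and "*" in _as_list(stmt.get("Resource", [])):
            findings.append("sns:Publish is allowed on every resource, not one topic")
    return findings

# Constructed sample: trust policy of the shape the wizard steps above produce.
TRUST_OK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{TENABLE_ACCOUNT_ID}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]}
# Constructed sample: the same role with Require External ID left unchecked.
TRUST_NO_EXTERNAL_ID = {"Version": "2012-10-17", "Statement": [
    {k: v for k, v in TRUST_OK["Statement"][0].items() if k != "Condition"}]}
# The permission policy as given on this page.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sns:Publish", "Resource": "*"}]}

if __name__ == "__main__":
    print(trust_policy_findings(TRUST_OK, EXTERNAL_ID))
    print(trust_policy_findings(TRUST_NO_EXTERNAL_ID, EXTERNAL_ID))
    print(publish_policy_findings(PAGE_POLICY))
```

To check a real role, load the JSON from its Trust Relationships tab and its permission policy with `json.loads` and pass them in place of the samples.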