Set up a Role for AWS SNS Alerts

To integrate with AWS SNS, Tenable Cloud Security requires a role with publish permission to the SNS topic.

Before you begin:

To create a role for AWS SNS:

  1. In the AWS web console, go to Identity and Access Management (IAM).

  2. On the left navigation pane, click Roles.

    The Roles page appears.

  3. Click Create Role.

    The Create Role wizard appears.

  4. In the Select trusted entity page, do the following:

    1. In the Trusted entity type section, select AWS Account.

    2. In the An AWS Account section, select Another AWS Account.

    3. In the Account ID box, type 012615275169.

      Note: 012615275169 is the account ID of the Tenable AWS account that you are establishing a trust relationship with to support AWS role delegation.

    4. Under Options, click the Require External ID check box and type your Tenable Vulnerability Management Container UUID in the External ID box.

      Note: In Tenable Vulnerability Management, navigate to Settings > License to get your container UUID. For more information, see View Information about Your Tenable Vulnerability Management Instance.

    5. Click Next.

  5. On the Add permission policies page, create a policy with the following JSON:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "sns:Publish",
                "Resource": "*"
            }
        ]
    }

  6. In the Name, review, and create page, do the following:

    1. In the Role Details section, type a Role Name for the role.

    2. (Optional) Add a role description in the Description box.

    3. (Optional) Click Add Tags to add key-value pairs to AWS resources.

    4. Click Create Role.

  7. To get the Role ARN and External ID of this new role for Tenable Cloud Security, do the following:

    1. On the left navigation pane, click Roles.

    2. Search for the role that you created.

    3. In the Summary section, note the Role ARN value.

    4. Click the Trust Relationships tab and note the value of the ExternalId field.

  8. Note down the following values:

    • Role ARN

    • External ID

    You need these values when configuring AWS SNS in Tenable Cloud Security.
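
The following check is an added example, not part of the original Tenable procedure. It audits the two policy documents this procedure produces: the trust policy must name only the Tenable account 012615275169 and require your container UUID as the External ID, and the permission policy is flagged when sns:Publish applies to every topic. The function names, the placeholder UUID, the sample account ID 111122223333 and the topic name are constructed for illustration; scoping Resource to a single topic ARN is a least-privilege option assumed here, not a step stated on this page.

```python
TENABLE_ACCOUNT_ID = "012615275169"  # account ID from step 4 of this page

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust_policy, permission_policy, container_uuid):
    """Return findings for a role built with this procedure; [] means none."""
    findings = []
    allowed = {TENABLE_ACCOUNT_ID, f"arn:aws:iam::{TENABLE_ACCOUNT_ID}:root"}
    for stmt in as_list(trust_policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):      # e.g. "Principal": "*"
            principal = {"*": principal}
        for kind, values in principal.items():
            for p in as_list(values):
                if kind != "AWS" or p not in allowed:
                    findings.append(f"trust: unexpected principal {p}")
        # Without the External ID condition the role is open to confused-deputy use.
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append("trust: no sts:ExternalId condition")
        elif ext != container_uuid:
            findings.append("trust: ExternalId differs from the container UUID")
    for stmt in as_list(permission_policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "sns:publish":
                findings.append(f"permissions: action beyond sns:Publish: {action}")
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append("permissions: sns:Publish allowed on every topic")
    return findings

# Constructed sample data: placeholder UUID, sample account ID and topic name.
UUID = "00000000-0000-0000-0000-000000000000"
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{TENABLE_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": UUID}}}]}
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sns:Publish", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sns:Publish",
    "Resource": "arn:aws:sns:us-east-1:111122223333:example-topic"}]}

if __name__ == "__main__":
    for name, policy in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        print(name, audit_role(TRUST, policy, UUID))
```

To audit a real role, pass in the JSON shown on its Trust Relationships and Permissions tabs, parsed into dictionaries.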