Integrations
      Back to home
      1. Knowledge Base
      2. User Guides
      3. Integrations

      How to integrate Amazon Web Services with BreachBits

      Discovering and testing the threat vectors in your AWS environment has never been easier.

      Securely integrating your Amazon Web Services (AWS) account with BreachBits can be done in 4 steps:

      1. Get the required BreachBits details in the Dashboard.  In your BreachBits Dashboard, select 'Cloud Integrations' in the left menu. 
        Screen Shot 2022-03-23 at 2-42-26 PM-png-1
        1. Once there, select 'Integrate Now' on the AWS integration tile.  If you don't see the 'Integrate Now' button, then you may not have access to this feature.  
        2. You will now be able to access the 3 pieces of information you will need to create your AWS integration.  Keep this page up to reference these details as you enable the integration in AWS. These details are:
          1. Account ID: This is the BreachBits AWS Account Id needed to create an AWS role for BreachBits.
          2. External ID: This is a unique identifier for your organization that increases the security of the integration.
          3. Policy Definition: This is the definition of the policy needed by BreachBits to retrieve a list of your key AWS resources.  This policy can be copied using the clipboard button in the upper right corner of the AWS Policy Definition Viewer.           
      2. Create an AWS Policy for BreachBitsLog into your AWS account and navigate to the AWS IAM page.  In the Access Management menu, select 'Policies'.             
        1. On the Policies page, select 'Create Policy' at the top of the page.  
        2. In the Policy Editor, select the 'JSON' tab.  
        3. In the 'JSON' tab, delete all text in the editor (typically Version and an empty Statement list).  Then, take the text copied from the BreachBits Policy Definition in step 1 and paste it into the editor.  When complete, select 'Next'.
        4. (optional) On the next page, you can add any tags to your policy if you wish.  Once complete, select 'Next' again.
        5. To complete your AWS Policy for BreachBits, give it a name you will recognize and select 'Complete Policy' at the bottom of the page.
      3. Create an AWS Role for BreachBits.  In the AWS IAM menu, select 'Roles'.  
        1. In the Roles page, select 'Create Role'.
        2. Create the role for BreachBits using the details found in the first step.  
          1. Trusted entity type: AWS Account
          2. AWS Account: Another AWS Account (provide Account ID
          3. Options: Require external ID (provide External ID)
          4. Select 'Next'
        3. On the 'Add Permissions' page, select the Policy created in Step 2.  Select 'Next'
        4. On the 'Review' page, give the role a name (required), description (optional) and any tags desired (optional).  Then select 'Create Role'.
        5. Lastly, return to the 'Roles' page from the IAM menu and select the role that was just created.
        6. Find the Amazon Resource Name (ARN) for the newly-created role and copy it.  This is the last piece of information needed to complete the integration.  
      4. Complete the integration with the AWS ARN.  Return to the AWS integration page in your BreachBits Dashboard.  Scroll to the bottom to find the form to enter the AWS ARN.  Once you have entered it, select 'Start Integration'.  

      Congratulations!  You have integrated your AWS infrastructure with BreachBits.  The AWS Integration tile should indicate that your integration is active.

      What happens next?

      Now that your AWS infrastructure is integrated with BreachBits, each upcoming BreachRisk™ assessment will query your AWS infrastructure details from the integration and include it in your attack surface, where it will be searched for publicly-accessible threat vectors that can be discovered, monitored and tested.