AWS v1 (deprecated)

You can import new assets directly from your AWS by giving us restricted read access.

This version of the AWS connector is now deprecated. Please follow the instructions for AWS v2 when adding a new connector.

Import assets directly from Route53, ElasticIP, and Elastic Load Balancer by integrating with AWS.

If you're connected with AWS, Halo Security can monitor assets with dynamic IP addresses by setting an AWS Instance ID for targets. For more information, see the Scan Configuration page.

AWS Setup

Create Policy

In your AWS dashboard navigate to Identity and Access Management (IAM)
Click Policies then Create policy
Click JSON tab
Paste the Policy JSON below
Click Next: Tags
Click Next: Review
Enter a name Halo Security-connector-policy
Click Create Policy

Create User

In your AWS dashboard navigate to 'Identity and Access Management (IAM)'
Click Users then Add user
Enter a username Halo Security-connector
Check access type Programmatic access
Select Attach existing policies directly
Search for Halo Security-connector-policy and check the row.
Click Next: Tags
Click Next: Review
Click Create user
Save your Access key ID and Secret access key

Custom Policy JSON

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "HaloSecurity01",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "elasticloadbalancing:Describe*",
                "route53:GetHostedZone",
                "route53:ListHostedZones",
                "route53:ListResourceRecordSets",
                "route53:ListHostedZonesByName",
                "s3:ListAllMyBuckets",
                "cloudfront:ListDistributions"
            ],
            "Resource": "*"
        }
    ]
}

Connect AWS to Halo Security

In your Halo Security dashboard navigate to the Asset Import Connector section.
Click Add
Select "AWS".
Enter your Access key ID and Secret access key
Select any other options
Click Save

Last updated 1 month ago