Dropzone AI Documentation
Cross-Account Access via Console

Last updated 6 months ago

There are multiple ways to deploy AWS roles to provide Dropzone visibility into your environment. See for more info.

The following steps walk you through creating a role in the AWS console and granting the Dropzone-provided role permission to assume it. They also contain the information you'd need to create your own Infrastructure-as-Code configuration if you choose.

Find the Dropzone IAM Role Information

  • Navigate to your Dropzone AI tenant home page, e.g. https://mycompany.dropzone.ai

  • Click System > Integrations

  • Click the "Data Sources" button in the top left corner to configure the AWS Data Source integration

  • Find the "AWS" tile and click Connect

  • In the top left you'll see a section named "Connection". Record the ARN and External ID; you will use both later in the AWS trust policy JSON

Create the Role

Next you'll create a role in the AWS account you want monitored and available.

You'll need the following information:

  • Dropzone-provided ARN: used in the AWS Role Custom Trust Policy JSON; source: the ARN value from the AWS Data Source "Connection" section

  • Dropzone-provided External ID: used in the AWS Role Custom Trust Policy JSON; source: the External ID value from the AWS Data Source "Connection" section

  • AWS Account ID: used in the Custom Permissions Policy JSON; source: the user/role dropdown in the upper right of the AWS console

  • Log in to the AWS Management Console for the account where you want to create the role

  • Open the Identity and Access Management (IAM) dashboard

  • From the left navigation, select "Access Management" > Roles

  • Click "Create Role"

  • Click "Custom Trust Policy"

  • In the text field below, paste the following policy, replacing the <Dropzone-provided User ARN> and <Dropzone-provided External ID> strings with values from the Dropzone UI you recorded earlier:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "<Dropzone-provided User ARN>"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "<Dropzone-provided External ID>"
                }
            }
        }
    ]
}
  • Click "Next" in the bottom right

  • You'll now be on the "Add Permissions" page where you can add AWS pre-built policies

  • Choose your policy method:

    • Add the AWS managed ReadOnlyAccess policy, which gives Dropzone all the read permissions it needs now and as new integrations are added, or

    • Add the following policies one-by-one:

      • AWSCloudTrail_ReadOnlyAccess

      • AmazonEC2ReadOnlyAccess

      • AmazonGuardDutyReadOnlyAccess

      • AmazonRoute53ReadOnlyAccess

      • AmazonS3OutpostsReadOnlyAccess

      • AmazonS3ReadOnlyAccess

      • AmazonSSMReadOnlyAccess

      • IAMReadOnlyAccess

  • Click "Next" when done adding policies

  • Give the new role the name "Dropzone_AI"

  • Click "Create Role" in the bottom right

  • From "Identity and Access Management (IAM)" > "Access Management" > Roles search for the new role

  • Click on the role

  • In the middle of the page you'll see "Permissions Policies"

  • Click "Add Permission"

  • Select "Create Inline Policy"

  • In the text field paste the following policy, replacing the <your_accountnumber> strings with the ID of this AWS account:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CloudTrailStartQuery",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey",
                "cloudtrail:StartQuery"
            ],
            "Resource": [
                "arn:aws:kms:*:<your_accountnumber>:key/*",
                "arn:aws:cloudtrail:*:<your_accountnumber>:eventdatastore/*"
            ]
        },
        {
            "Sid": "EKSReadOnly",
            "Effect": "Allow",
            "Action": [
                "eks:Describe*",
                "eks:List*"
            ],
            "Resource": "*"
        }
    ]
}
  • Click Next

  • Give the new permission the name "Dropzone_AI_Additional"

  • Click "Create Policy"

You should be returned to the Dropzone_AI role page and see the policies you've added, including the custom policy.

  • Record the ARN for this role, which you'll use later when configuring the Dropzone Data and Alert Sources
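As an added example (not Dropzone's own code), the following Python renders the two policy documents from this section out of the three recorded values, and reviews an existing trust policy (for instance the output of `aws iam get-role`) for the two properties this setup relies on: the principal is exactly the recorded Dropzone ARN and the `sts:ExternalId` condition is present. The ARN, External ID and account ID in it are constructed placeholders, not real identifiers.

```python
import re

# Constructed sample values standing in for what the Dropzone UI and AWS console show.
SAMPLE_DROPZONE_ARN = "arn:aws:iam::111111111111:user/dropzone-connector"
SAMPLE_EXTERNAL_ID = "example-external-id"
SAMPLE_ACCOUNT_ID = "123456789012"

def render_trust_policy(dropzone_arn, external_id):
    """Custom trust policy: only the Dropzone principal, and only with the agreed External ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": dropzone_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def render_inline_policy(account_id):
    """Dropzone_AI_Additional inline policy with KMS/CloudTrail resources scoped to one account."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are exactly 12 digits")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "CloudTrailStartQuery", "Effect": "Allow",
             "Action": ["kms:Decrypt", "kms:GenerateDataKey", "cloudtrail:StartQuery"],
             "Resource": [f"arn:aws:kms:*:{account_id}:key/*",
                          f"arn:aws:cloudtrail:*:{account_id}:eventdatastore/*"]},
            {"Sid": "EKSReadOnly", "Effect": "Allow",
             "Action": ["eks:Describe*", "eks:List*"], "Resource": "*"},
        ],
    }

def check_trust_policy(policy, expected_arn, expected_external_id):
    """Return findings for every AssumeRole grant; an empty list means the policy matches the intent."""
    findings = []
    for stmt in policy.get("Statement", []):
        # "Action" may be a single string or a list in IAM documents.
        actions = [stmt.get("Action")] if isinstance(stmt.get("Action"), str) else stmt.get("Action", [])
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {}).get("AWS")
        if principal != expected_arn:
            findings.append(f"principal {principal!r} is not the recorded Dropzone ARN")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext != expected_external_id:
            findings.append("sts:ExternalId condition missing or wrong (confused deputy risk)")
    return findings
```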

Repeat For Additional AWS Accounts

Repeat the steps taken in the "Create the Role" section for all other AWS accounts you want visible to Dropzone.

Make sure you're keeping a list of all the role ARNs you create along the way - you'll need them later.

Once done, you may move on to configuring the Dropzone Data and Alert Sources described in the AWS documentation.