Amazon Inspector is a vulnerability management service that detects and scans Amazon EC2 instances, container images, AWS Lambda functions, and code repositories. This guide walks you through the steps to gather the necessary information and configure your service for the purpose of creating an integration with Synqly's Application Security connector.
The operations executed by Synqly's Application Security connector will only return results that appear under the Code Security tab in the Amazon Inspector Console. This only includes resources that match the resource type of CODE_REPOSITORY.
Before you begin, ensure that you have:
- Activated Amazon Inspector
- Access to an AWS account with the ability to create IAM policies, roles, and users
Need to activate Amazon Inspector? See the Amazon Inspector Getting Started docs page
For more information on the policy actions required to access IAM resources, see the Amazon IAM Permissions required to access IAM resources docs page.
## Required Policy Actions

| Operation | Required Policy Action |
|---|---|
| Query Applications | inspector2:ListFindingAggregations |
| Query Application Findings | inspector2:ListFindings |
| Query findings across all applications | inspector2:ListFindings |
| Get Application Finding Details | inspector2:ListFindings, inspector2:ListFindingAggregations |
## 1. Creating an IAM Policy

- Log in to the AWS Management Console and open the IAM Console. This can be done by searching for the IAM console or going to this link: https://console.aws.amazon.com/iam/
- Select Policies from the sidebar on the left
- Select Create Policy
- In the Policy Editor, find the Select a service section. Using the search box at the top of this section, search for the Inspector2 service
- In the Actions allowed section, check the box for each of the required policy actions. The required policy actions are listed above in the section titled Required Policy Actions
- Once you have checked the box for each required policy action, select Next
- On the Review and create page, fill in the Policy Name and Description fields. Take note of the policy name, as you will need it in the next section
- Select Create Policy. You have now created a new policy; proceed to the next section titled 2. Creating a new user with API only access
For more information on creating a new policy using the visual editor, see the AWS IAM Creating IAM Policies docs page
## 2. Creating a new user with API only access

- If you have not already, log in to the AWS Management Console and open the IAM Console. This can be done by searching for the IAM console or going to this link: https://console.aws.amazon.com/iam/
- Select Users from the sidebar on the left
- Select Create user
- Fill in the user name field. Leave the Provide user access to the AWS Management Console box unchecked
- Select Next
- Find the Permissions options section and select the Attach policies directly option
- Find the Permissions policies section and use the search box to search for the policy you created in the previous section titled 1. Creating an IAM Policy
- Check the box to the left of the policy and then select Next at the bottom of the page
- Review the details and then select Create user at the bottom of the page. You have now created a new user with API only access; proceed to the next section titled 3. Creating the Access Key and Secret
For more information on creating a new user in the IAM Console, see the AWS IAM Create an IAM user in your AWS account docs page
## 3. Creating the Access Key and Secret

- If you have not already, log in to the AWS Management Console and open the IAM Console. This can be done by searching for the IAM console or going to this link: https://console.aws.amazon.com/iam/
- If not already there, return to the main Users page by selecting Users from the sidebar on the left
- Select the name of the new user that you created in the previous section titled 2. Creating a new user with API only access
- Select Security Credentials
- Find the Access keys section and select Create access key
- If prompted to select a use case, select Other
- Fill in the description tag value and select Create access key
- You have now created the access key and secret access key that will be used to configure a new Synqly Amazon Inspector integration. Take note of these values and store them in a safe location; the secret access key is shown only once
For more information on creating and managing access keys for IAM users, see the AWS IAM Manage access keys for IAM users docs page.
To configure a new Amazon Inspector integration in the Synqly system, provide each of the values defined below:

| Integration Parameter | Description |
|---|---|
| Region | Your Amazon Inspector region (for example, the region code that appears in the Amazon Inspector console URL). The URL uses this format: {region}.console.aws.amazon.com |
| Access Key Id | The Access key ID value generated by executing the steps above |
| Secret Access Key | The Secret access key value generated by executing the steps above |
| Session (Optional) | A session token, generated only when using temporary credentials with AWS resources. Following this guide does not generate a token, so you may leave this value blank |
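The following script is an added example and is not part of the Synqly or AWS documentation. It serves two passages on this page: the IAM policy built in section 1 (it emits the least-privilege policy document that the visual editor steps produce, and checks any policy document against the Required Policy Actions table, flagging missing actions, over-broad wildcards and unrelated actions), and the integration parameters table above (it uses Region, Access Key Id, Secret Access Key and the optional Session token to confirm the key can list Inspector findings of resource type CODE_REPOSITORY). The statement Sid is a constructed name, `"Resource": "*"` is the scope assumed here, and the boto3 `inspector2` client, its `list_findings` paginator and the `filterCriteria.resourceType` filter shape are assumptions about the AWS SDK, not taken from this page.

```python
"""Build, check and smoke-test the IAM policy for the Synqly Amazon Inspector connector."""
import json
import os
from fnmatch import fnmatchcase
from typing import Any, Dict, List

# Policy actions taken from the Required Policy Actions table on this page.
REQUIRED_ACTIONS = frozenset({
    "inspector2:ListFindings",
    "inspector2:ListFindingAggregations",
})


def minimal_policy() -> Dict[str, Any]:
    """Return the smallest IAM policy document that satisfies the required-actions table."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "SynqlyInspectorReadOnly",  # constructed name, not from the page
                "Effect": "Allow",
                "Action": sorted(REQUIRED_ACTIONS),
                "Resource": "*",  # assumed scope; narrow it if your account policy requires
            }
        ],
    }


def _as_list(value: Any) -> List[Any]:
    """IAM allows a single string/object or a list in Statement and Action; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _action_matches(pattern: str, action: str) -> bool:
    """IAM action patterns are case-insensitive and may contain '*' wildcards."""
    return fnmatchcase(action.lower(), pattern.lower())


def check_policy(policy: Dict[str, Any]) -> Dict[str, List[str]]:
    """Compare an IAM policy document against REQUIRED_ACTIONS.

    Returns a report with:
      missing   - required actions no Allow statement grants
      wildcards - Allow patterns containing '*' (broader than the table needs)
      extra     - Allow patterns that grant none of the required actions
    Deny statements are ignored: they never help satisfy the table.
    """
    missing = set(REQUIRED_ACTIONS)
    wildcards: List[str] = []
    extra: List[str] = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action")):
            if "*" in pattern:
                wildcards.append(pattern)
            granted = {a for a in REQUIRED_ACTIONS if _action_matches(pattern, a)}
            missing -= granted
            if not granted:
                extra.append(pattern)
    return {"missing": sorted(missing), "wildcards": sorted(wildcards), "extra": sorted(extra)}


def count_code_repository_findings(region: str, access_key_id: str, secret_access_key: str,
                                   session_token: str = "") -> int:
    """Smoke-test the integration parameters: count Inspector findings whose resource
    type is CODE_REPOSITORY, the only type the Synqly connector returns.
    Needs boto3 and network access; the filter shape is an assumption about the inspector2 API."""
    import boto3  # imported here so the offline functions above work without boto3 installed
    client = boto3.client(
        "inspector2",
        region_name=region,
        aws_access_key_id=access_key_id,
        aws_secret_access_key=secret_access_key,
        aws_session_token=session_token or None,  # blank Session parameter -> no token
    )
    criteria = {"resourceType": [{"comparison": "EQUALS", "value": "CODE_REPOSITORY"}]}
    paginator = client.get_paginator("list_findings")
    return sum(len(page.get("findings", [])) for page in paginator.paginate(filterCriteria=criteria))


if __name__ == "__main__":
    policy = minimal_policy()
    print(json.dumps(policy, indent=2))
    print("policy check:", check_policy(policy))
    # Only reach AWS when the integration parameters are supplied via the environment.
    if os.environ.get("AWS_ACCESS_KEY_ID"):
        n = count_code_repository_findings(
            os.environ["AWS_REGION"],
            os.environ["AWS_ACCESS_KEY_ID"],
            os.environ["AWS_SECRET_ACCESS_KEY"],
            os.environ.get("AWS_SESSION_TOKEN", ""),
        )
        print(f"CODE_REPOSITORY findings visible to this key: {n}")
```

`check_policy` is the part worth keeping in a pipeline: running it against the policy exported from the IAM console confirms the user can do exactly what the connector needs and nothing more, and a non-empty `wildcards` or `extra` list is the signal that the policy drifted from the table above.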