RapidFort AWS Prerequisites
Set up AWS prerequisites for RapidFort

AWS Prerequisites

Before deploying RapidFort in your AWS environment, please set up the following:
  • S3 Bucket for RapidFort data
  • IAM EC2 Role OR IAM User
    • The role or user must have Read/List/Write permissions for the RapidFort S3 bucket
    • If using a role, the policy attached to the role must grant permissions to assume the role (sts:AssumeRole)
In addition to setting up an S3 bucket and IAM EC2 Role or IAM User, please verify that the environment in which RapidFort will be deployed has HTTPS access to the environment in which your container images will be deployed and tested (for example, Docker-Compose, Kubernetes, Amazon EKS, AWS Fargate, and so forth). Runtime tracing of stub images requires HTTPS access to the RapidFort server.

S3 Bucket

Create an S3 bucket (for example, rapidfort-s3) in the same region in which the RapidFort application will be deployed.
Make a note of the S3 bucket ARN and name.
  • Example: AWS Commercial
    • ARN: arn:aws:s3:::rapidfort-s3
    • Name: rapidfort-s3
  • Example: AWS GovCloud
    • ARN: arn:aws-us-gov:s3:::rapidfort-s3
    • Name: rapidfort-s3

IAM

RapidFort needs Read/List/Write permissions for the S3 bucket.
You may either create an IAM EC2 role or an IAM user and attach a policy.
Sample JSON policies are provided for your reference. Please contact your AWS Solutions architect if your environment has additional requirements.

Create an IAM EC2 Role

Create an IAM EC2 role (e.g. rapidfort-role). Do not attach a policy to the role yet.
Make a note of the IAM Role ARN (for example, arn:aws:iam::012345678910:role/rapidfort-role or arn:aws-us-gov:iam::012345678910:role/rapidfort-role).

Create an IAM EC2 Policy

Create an IAM EC2 policy (e.g. rapidfort-policy).
Replace the S3 bucket name and the IAM EC2 role ARN in the sample JSON code.
Attach the policy to the role created in the previous step.
Please note that the policy must grant permissions to assume the role (sts:AssumeRole).
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DescribeJob",
        "s3:ListBucket"
      ],
      "Resource": [
        "<S3_BUCKET_ARN>",
        "<S3_BUCKET_ARN>/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "<ROLE_ARN>"
    }
  ]
}
Example: AWS Commercial
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DescribeJob",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::rapidfort-s3",
        "arn:aws:s3:::rapidfort-s3/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::012345678910:role/rapidfort-role"
    }
  ]
}
Example: AWS GovCloud
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DescribeJob",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws-us-gov:s3:::rapidfort-s3",
        "arn:aws-us-gov:s3:::rapidfort-s3/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws-us-gov:iam::012345678910:role/rapidfort-role"
    }
  ]
}

Create an IAM User

Create a RapidFort IAM user (for example, rapidfort-user). The RapidFort user does not need access to the AWS Console.
Generate and download AWS credentials (access key ID and secret access key) for the RapidFort user.

Create an IAM EC2 Policy

Replace the S3 bucket name in the sample JSON code.
Attach the policy to the user created in the previous step.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DescribeJob",
        "s3:ListBucket"
      ],
      "Resource": [
        "<S3_BUCKET_ARN>",
        "<S3_BUCKET_ARN>/*"
      ]
    }
  ]
}
Example: AWS Commercial
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DescribeJob",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::rapidfort-s3",
        "arn:aws:s3:::rapidfort-s3/*"
      ]
    }
  ]
}
Example: AWS GovCloud
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DescribeJob",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws-us-gov:s3:::rapidfort-s3",
        "arn:aws-us-gov:s3:::rapidfort-s3/*"
      ]
    }
  ]
}

Review

You should now have the following:
  • RapidFort S3 bucket ARN and name
  • One of the following:
    • IAM EC2 role and policy that grants
      • Read/List/Write permissions for the RapidFort S3 bucket
      • Permissions to assume the role
    • AWS access key ID and secret access key for an IAM user with Read/List/Write permissions for the RapidFort S3 bucket
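
Before attaching a hand-edited copy of the sample policy, it can be checked against the scope this page describes. The following Python check is an added example, not part of RapidFort's documentation or tooling; the function name audit_policy and the constructed SAMPLE policy are assumptions made for illustration.

```python
import json

# Actions listed in the sample policies on this page.
S3_ACTIONS = {"s3:DeleteObject", "s3:PutObject", "s3:GetObject",
              "s3:DescribeJob", "s3:ListBucket"}

def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_json, bucket_arn, role_arn=None):
    """Return findings; an empty list means only the sample's actions and
    resources appear. Pass role_arn for the role variant, omit it for a user."""
    expected = S3_ACTIONS | ({"sts:AssumeRole"} if role_arn else set())
    allowed = {bucket_arn, bucket_arn + "/*"} | ({role_arn} if role_arn else set())
    findings, granted = [], set()
    # Bucket and role must sit in the same partition (second field of the ARN).
    if role_arn and bucket_arn.split(":")[1] != role_arn.split(":")[1]:
        findings.append("bucket and role ARNs are in different partitions")
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            granted.add(action)
            if action not in expected:
                findings.append(f"unexpected action: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in allowed:
                findings.append(f"resource outside expected scope: {resource}")
    findings += [f"missing action: {a}" for a in sorted(expected - granted)]
    return findings

# Constructed sample: the commercial role policy with a leftover placeholder
# and a broadened action, as can happen when editing the sample by hand.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::rapidfort-s3", "<S3_BUCKET_ARN>/*"]},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Resource": "arn:aws:iam::012345678910:role/rapidfort-role"}]})

if __name__ == "__main__":
    for line in audit_policy(SAMPLE, "arn:aws:s3:::rapidfort-s3",
                             "arn:aws:iam::012345678910:role/rapidfort-role"):
        print(line)
```

The check compares action and resource strings literally, so it flags wildcards and leftover placeholders but does not evaluate Deny statements or conditions.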