RAPIDFORT User Docs
SupportSign Up for Free
Search
K
Links

RapidFort AWS Prerequisites

Set up AWS prerequisites for RapidFort

AWS Prerequisites

Before deploying RapidFort in your AWS environment, please set up the following:
  • S3 Bucket for RapidFort data
  • IAM User OR IAM EC2 Role
    • The user or role must have Read/List/Write/Delete permissions for the RapidFort S3 bucket
    • If using a role, the policy attached to the role must grant permissions to assume the role (sts:AssumeRole)
In addition to setting up an S3 bucket and IAM User or IAM EC2 Role, please verify that the environment in which RapidFort will be deployed has HTTPS access to the environment in which your container images will be deployed and tested (for example, Docker-Compose, Kubernetes, Amazon EKS, AWS Fargate, and so forth). Runtime tracing of stub images requires HTTPS access to the RapidFort server.

S3 Bucket

Create an S3 bucket (for example, rapidfort-s3) in the same region in which the RapidFort application will be deployed.
Make a note of the S3 bucket ARN and name.
  • Example: AWS Commercial
    • ARN: arn:aws:s3:::rapidfort-s3
    • Name: rapidfort-s3
  • Example: AWS GovCloud
    • ARN: arn:aws-gov:s3:::rapidfort-s3
    • Name: rapidfort-s3

IAM

RapidFort needs Read/List/Write/Delete permissions for the S3 bucket.
You may either create an IAM User or IAM EC2 Role and attach a policy.
Sample JSON policies are provided for your reference. Please contact your AWS Solutions architect if your environment has additional requirements.
IAM User
IAM EC2 Role

IAM User

In this section, we will configure an IAM User.
Please refer to the IAM EC2 Role tab for information on how to configure an IAM EC2 Role.

Create an IAM User

Create a RapidFort IAM user (for example, rapidfort-user). The RapidFort user does not need access to the AWS Console.
Generate and download AWS credentials (AWS Access Key ID and AWS Secret Access Key) for the RapidFort user.

Create an IAM EC2 Policy

Replace the S3 bucket name in the sample JSON code below.

Attach the Policy to the User

Attach the policy to the user created in the previous step.

IAM EC2 Policy Sample JSON

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:DescribeJob",
"s3:ListBucket"
],
"Resource": [
"<S3_BUCKET_ARN>",
"<S3_BUCKET_ARN>/*"
]
}
]
}

IAM EC2 Policy Example (AWS Commercial)

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:DescribeJob",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::rapidfort-s3",
"arn:aws:s3:::rapidfort-s3/*"
]
}
]
}

IAM EC2 Policy Example (AWS GovCloud)

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:DescribeJob",
"s3:ListBucket"
],
"Resource": [
"arn:aws-gov:s3:::rapidfort-s3",
"arn:aws-gov:s3:::rapidfort-s3/*"
]
}
]
}

IAM EC2 Role

In this section, we will configure an IAM EC2 Role.
Please refer to the IAM User tab for information on how to configure an IAM User.

Create an IAM EC2 Role

Create an IAM EC2 role (e.g. rapidfort-role). Do not attach a policy to the role yet.
Make a note of the IAM Role ARN (for example, arn:aws:iam::012345678910:role/rapidfort-role or arn:aws-gov:iam::012345678910:role/rapidfort-role).

Create an IAM EC2 Policy

Create an IAM EC2 policy (e.g. rapidfort-policy).
Replace the S3 bucket name and the IAM EC2 role ARN in the sample JSON code below.

Attach the Policy to the Role

Attach the policy to the role created in the previous step.

IAM EC2 Policy Sample JSON

Please note that the policy must grant permissions to assume the role (sts:AssumeRole).
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:DescribeJob",
"s3:ListBucket"
],
"Resource": [
"<S3_BUCKET_ARN>",
"<S3_BUCKET_ARN>/*"
]
},
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "<ROLE_ARN>"
}
]
}

IAM EC2 Policy Example (AWS Commercial)

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:DescribeJob",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::rapidfort-s3",
"arn:aws:s3:::rapidfort-s3/*"
]
},
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::012345678910:role/rapidfort-role"
}
]
}

IAM EC2 Policy Example (AWS GovCloud)

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:DescribeJob",
"s3:ListBucket"
],
"Resource": [
"arn:aws-gov:s3:::rapidfort-s3",
"arn:aws-gov:s3:::rapidfort-s3/*"
]
},
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws-gov:iam::012345678910:role/rapidfort-role"
}
]
}

Review

You should now have the following:
  • RapidFort S3 Bucket
    • ARN (e.g. arn:aws:s3:::rapidfort-s3)
    • Name (e.g. rapidfort-s3)
  • IAM User OR IAM EC2 Role
    • IAM User
      • AWS Access Key ID
      • AWS Secret Access Key
      • Read/List/Write/Delete permissions for the RapidFort S3 Bucket
    • IAM EC2 Role and Policy that grants
      • Read/List/Write/Delete permissions for the RapidFort S3 Bucket
      • Permissions to assume the role
RapidFort On-Premises - Previous
RapidFort AWS Deployment
Next - RapidFort On-Premises
RapidFort Helm Chart AWS Deployment
Last modified 8mo ago