
AWS


Set up AWS for automated tests with TrustCloud

TrustCloud’s API-based integrations map seamlessly to your frameworks and controls to power automated evidence collection, continuous monitoring, and predictive risk analysis. Let’s explore how you can set up AWS for automated tests.

By granting TrustCloud limited access to metadata through a service principal account, you can ensure that your systems remain compliant with your adopted controls. TrustCloud’s focus on trust, security, and simplifying compliance makes it a valuable asset in the GRC landscape.

Read our GRC Launchpad article: Integrations to learn more.


Purpose

Once you set up your TrustCloud compliance program, TrustOps works to ensure that your systems remain compliant with your adopted controls. To do so, TrustCloud runs automated tests against systems in your product and business stack and verifies that they are properly configured.

This document outlines the steps you can take to grant TrustCloud read-only access to metadata about the configuration settings of your AWS account so that TrustCloud can validate and generate evidence for your compliance program.

Instructions to grant TrustCloud limited access to AWS

  1. Grant access through CloudFormation, using the link found in your TrustOps account to create an AWS connection.
    The link includes a URL for a CloudFormation template as well as TrustCloud’s account ID, so only TrustCloud can assume this role. If you inspect the CloudFormation template, you will see that it only adds two policies: SecurityAudit and ViewOnlyAccess. Both of those policies are AWS-managed and are designed specifically to support security audits. These policies do not grant any data-related permissions. TrustCloud can only inspect your metadata and configurations.
  2. Under the ‘Capabilities’ section, check the box that says “I acknowledge that AWS CloudFormation might create IAM resources with custom names”, then click on the “Create Stack” button.
  3. Once stack creation is complete, click on the ‘Outputs’ tab. The two key/value pairs will be used to set up the connection in TrustOps. These contain your account ID, allowing TrustOps to assume the role.

Adding multiple accounts

Users can now add multiple accounts to connect with AWS, streamlining the management of multiple environments. This new feature allows organizations to easily monitor and control their resources from a single interface, enhancing efficiency and simplifying the integration management process.

To add an account:

  1. Go to your TrustCloud program.
  2. Click on “Integrations” in the left-hand side menu.
  3. Click on “My Integrations”.
  4. Search for “AWS” in the search bar and click on the AWS card.
  5. Click on the “Add Account” button in the left-hand side menu.
  6. Enter all the information as per the setup guide.
  7. Click on the “Test Connection” button to verify that the connection is established.
  8. Once the connection is successful, click on the “Connect to AWS” button.

Additional Information

The following links to documentation help explain how the access mechanism works and the purpose of the external ID value.

  1. Providing access to AWS accounts owned by third parties
  2. How to use an external ID when granting access to your AWS resources to a third party
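
To confirm that the role created by the stack matches what the instructions and the external ID documentation describe, the following added example (not TrustCloud's code and not part of its template) audits a role's trust policy and attached policies. The account ID, external ID value and sample policy documents are constructed placeholders, and the check assumes the trust policy carries the external ID as a `StringEquals` condition on `sts:ExternalId`.

```python
import re

# The only AWS-managed policies the page says the template attaches.
EXPECTED_POLICIES = {
    "arn:aws:iam::aws:policy/SecurityAudit",
    "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
}
VENDOR = "111111111111"  # placeholder; use the vendor account ID from your setup link

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID in an IAM principal string, or None."""
    m = re.fullmatch(r"(?:arn:aws:iam::)?(\d{12})(?::.+)?", principal)
    return m.group(1) if m else None

def audit_role(trust_policy, attached_arns, vendor_account):
    """Return findings for a cross-account role; an empty list means it matches."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):      # e.g. "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind != "AWS" or _account_of(p) != vendor_account:
                    findings.append(f"principal not limited to vendor account: {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if not cond.get("sts:ExternalId"):
            findings.append("no sts:ExternalId condition on sts:AssumeRole")
    for arn in sorted(set(attached_arns) - EXPECTED_POLICIES):
        findings.append(f"unexpected policy attached: {arn}")
    return findings

# Constructed sample documents, not taken from a real account.
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}

if __name__ == "__main__":
    print(audit_role(GOOD_TRUST, sorted(EXPECTED_POLICIES), VENDOR))
    print(audit_role(WEAK_TRUST, ["arn:aws:iam::aws:policy/ReadOnlyAccess"], VENDOR))
```

The real inputs come from `aws iam get-role` (the `AssumeRolePolicyDocument` field) and `aws iam list-attached-role-policies` for the role the stack created.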

Read more about Integrations, which are built-in connectors between TrustCloud and an external SaaS service that run tests and pull inventories from the service.
