AWS EC2

Overview

Amazon Elastic Compute Cloud (EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers by providing a simple web service interface that allows you to obtain and configure capacity with minimal friction.

• Vendor: Amazon
• Product: AWS EC2
• Supported environment: Cloud

Configure

How to create an IAM account with proper permissions

To connect AWS EC2 to Sekoia.io, you need to create an IAM user with the necessary permissions to access EC2 instances. Follow these steps:

1. Sign in to the AWS Management Console and navigate to the IAM service.

   

2. Click Users in the left navigation pane, then click Create user.

   

3. Enter a username for the IAM user (e.g., sekoia-ec2-reader) and click Next.

   

4. In the Set permissions step, select Attach policies directly and search for the following policies:

   • AmazonEC2ReadOnlyAccess (for basic EC2 read access)
   • AmazonEC2FullAccess (if you need full EC2 access)

   Warning

   • Granting AmazonEC2FullAccess provides extensive permissions that may pose security risks. Only use it if absolutely necessary and ensure to follow the principle of least privilege.
   • Do not attach both policies to the same user, as this could lead to permission conflicts.

   

5. Click Next to review, then click Create user.

How to generate access keys

After creating the IAM user, you need to generate access keys for programmatic access:

1. Click on the created user name to open the user details page.

2. Click the Create an access key button.

   

3. Select Application running outside AWS as the use case and click Next.

   

4. Add a description tag (optional) and click Create access key.

   

5. Copy the Access key ID and Secret access key to a safe location. You'll need these credentials to configure the connector in Sekoia.io.

   

Warning

• The secret access key is only shown when you create it. If you lose it, you must create a new access key.
• Store these credentials securely and never share them publicly.
• Consider rotating access keys regularly for security best practices.

Required IAM permissions

The IAM user must have the following permissions to successfully fetch EC2 devices:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeImages",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeVolumes",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeTags"
            ],
            "Resource": "*"
        }
    ]
}

Supported AWS regions

The AWS EC2 connector supports all AWS regions where EC2 is available. Common regions include:

• US East (N. Virginia): us-east-1
• US West (Oregon): us-west-2
• Europe (Ireland): eu-west-1
• Europe (London): eu-west-2
• Asia Pacific (Tokyo): ap-northeast-1
• Asia Pacific (Singapore): ap-southeast-1

For a complete list of available regions, refer to the AWS Global Infrastructure documentation.

Create your asset

To start getting your AWS EC2 instances into Sekoia.io, you need to create an asset connector on the Assets page. To do so, follow these steps:

1. Click the Asset connectors button to create a new connector.

   

2. Click the + New connector button.

   

3. Choose AWS devices, give it a name, and fill the required fields:

   

4. Enter the following information:

5. Access Key ID: The access key ID from your IAM user
6. Secret Access Key: The secret access key from your IAM user

7. Region: The AWS region where your EC2 instances are located (e.g., us-east-1)

8. Test the connection by clicking the Test connector button.

   

9. Click the Create asset connector button.

Further Reading

• AWS EC2 Documentation
• AWS IAM User Guide
• AWS EC2 API Reference
• AWS Global Infrastructure