Amazon Web Services (AWS)

AWS CLI

This CLI is able to sync assets and findings from the AWS Security Hub to RegScale. The finding data will be converted to RegScale security checks at the asset level, and then rolled up to the security plan.

Authentication

There is no init.yaml configuration for this integration. The AWS functionality authenticates with Amazon with either a credentials file or via environment variables.

Example Credentials File

/path/to/user/folder/.aws/credentials

        [default]
        aws_access_key_id = ACCESSKEYHERE
        aws_secret_access_key = SECRETKEYHERE

Example Environment variables

The user may also forgo creating a credentials file and use environment variables to authenticate with AWS.

• AWS_ACCESS_KEY_ID - The access key for your AWS account.
• AWS_SECRET_ACCESS_KEY - The secret key for your AWS account.

See AWS documentation for more authentication information

AWS Security Hub Workfow

1. Update AWS configuration information (see above).
2. Make sure a RegScale security plan is available and populated with control implementations.
3. Use the following command to populate your RegScale SSP with AWS assets and findings.
   -- aws AWS CLI Integration
   - sync_findings
   - Fetch AWS Security Hub assets and findings to a RegScale security plan.
   - The finding data will be converted to RegScale security checks at the asset level, and then rolled up to the security plan.
   - These findings will cause a linked control implementation to be Not Implemented.
   - --regscale_ssp_id - The ID of the RegScale Security Plan
   - --create_issue - Create RegScale issues for [Low, Medium, High, or Critical] findings.

Example Commands

• regscale aws sync_findings --regscale_ssp_id 264 --create_issue 1