The AWS integration options are listed below.
AWS Read Access: allows Bridgecrew to perform read-only API calls.
AWS CloudTrail: allows Bridgecrew to pull CloudTrail log data and perform read-only API calls.
AWS Write Access: allows Bridgecrew to remediate policy violations by modifying the configuration of your cloud environment.
The diagram below illustrates the Bridgecrew - AWS Write Access flow.
For full Bridgecrew functionality, we recommend using the integration options for AWS Cloudtrail and AWS Write Access.
After signing up, you will be shown a Product Tour which will lead you to the Integrations tab.
- Select an option from the menu (AWS Cloudtrail, AWS Write Access, AWS Read Access).
- Press Add Account.
You will be prompted to create a CloudFormation template. The form is already populated with Bridgecrew connection details.
- Select the checkbox next to "I acknowledge..." to permit creation of IAM resources.
- Press Create Stack.
If you do not set up Write Access, you will be prompted to do so the first time you attempt to Remediate a violation via Playbook; see Step 4: Investigate Incidents.
From time to time, you may be prompted to redeploy the CloudFormation stack to provide additional roles required for performing to perform remediation.
Updated about 2 years ago