Aqua CSPM

App-Tier Launch Configurations IAM Roles

Quick Info

Plugin Title: App-Tier Launch Configurations IAM Roles
Cloud: AWS
Category: AutoScaling
Description: Ensures that the App-Tier Auto Scaling launch configuration is configured to use a customer-created IAM role.
More Info: The App-Tier Auto Scaling launch configuration should have a customer-created App-Tier IAM role to provide the credentials needed to access AWS services.
AWS Link: https://docs.aws.amazon.com/autoscaling/ec2/userguide/us-iam-role.html
Recommended Action: Update the App-Tier Auto Scaling launch configuration and attach a customer-created App-Tier IAM role.

Detailed Remediation Steps

  1. Log in to the AWS Management Console.
  2. Select the “Services” option and search for EC2.
  3. In the EC2 Management console, scroll down and click on “Launch Configurations” at the bottom.
  4. On the “Launch Configurations” page, select the launch configuration that needs to be checked for an IAM role.
  5. On the “Launch configurations” page, scroll down and, under Details, check the value of the IAM Instance Profile. If the IAM Instance Profile is blank, the selected launch configuration is not configured to use a customer-created IAM role.
  6. Repeat steps number 2 - 5 to check other groups in the account.
  7. Navigate to IAM dashboard at https://console.aws.amazon.com/iam/.
  8. In the “IAM dashboard”, click on the “Roles” option at the left navigation panel.
  9. Click on the “Create Role” button to create a new IAM role.
  10. On the “Create role” page, select “AWS service” as the type of trusted entity and choose EC2 from the “Choose the service that will use this role” list. Click on the “Next: Permissions” button.
  11. On the “Permissions” panel, select the “AmazonEC2FullAccess” policy, or one or more other policies from the list, then click the “Next: Tags” button to continue the setup process.
  12. On the “Add tags” page, add the tag as per the requirement and click on the “Next: Review” button.
  13. Enter the “Role Name” and click on the “Create Role” button to complete the process.
  14. Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
  15. In the left navigation panel, choose “Launch Configurations” and select the ASG launch configuration that needs to be modified.
  16. On the “Launch Configuration” page, scroll down and click on the “Copy launch configuration” button.
  17. On the “Create launch configuration” page, scroll down and select the “IAM instance profile” from the dropdown under the Additional configuration.
  18. Click on the “Create launch configuration” button at the bottom to make the changes.
  19. Repeat steps number 8 - 18 to update App-Tier Auto Scaling launch configuration and attach a customer created App-Tier IAM role.
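The check performed by hand in steps 4 and 5 can also be run over the output of `aws autoscaling describe-launch-configurations`. The following is an added example, not code from the Aqua plugin or from AWS; the sample response, the `app-tier` name-prefix convention used to scope the check, and the placeholder AMI, account and profile names are all constructed assumptions.

```python
import json

# Constructed sample shaped like `aws autoscaling describe-launch-configurations`
# output. Names, AMI ids, the account id and profile names are placeholders.
SAMPLE_RESPONSE = json.loads("""
{
  "LaunchConfigurations": [
    {"LaunchConfigurationName": "app-tier-lc-v1",
     "ImageId": "ami-00000000000000000", "InstanceType": "t3.medium"},
    {"LaunchConfigurationName": "app-tier-lc-v2",
     "ImageId": "ami-00000000000000000", "InstanceType": "t3.medium",
     "IamInstanceProfile": ""},
    {"LaunchConfigurationName": "app-tier-lc-v3",
     "ImageId": "ami-00000000000000000", "InstanceType": "t3.medium",
     "IamInstanceProfile": "app-tier-instance-profile"},
    {"LaunchConfigurationName": "web-tier-lc-v1",
     "ImageId": "ami-00000000000000000", "InstanceType": "t3.small",
     "IamInstanceProfile": "arn:aws:iam::111122223333:instance-profile/web-tier-instance-profile"}
  ]
}
""")


def instance_profile_name(launch_config):
    """Return the instance profile name, or None if the field is absent or blank.
    AWS reports the profile either as a bare name or as an ARN; normalise both."""
    value = (launch_config.get("IamInstanceProfile") or "").strip()
    if not value:
        return None
    return value.rsplit("/", 1)[-1]


def evaluate_launch_configs(response, name_prefix="app-tier"):
    """Classify each launch configuration whose name starts with name_prefix
    (an assumed tier convention) as PASS (profile set) or FAIL (none set)."""
    results = {}
    for lc in response.get("LaunchConfigurations", []):
        name = lc["LaunchConfigurationName"]
        if not name.startswith(name_prefix):
            continue
        profile = instance_profile_name(lc)
        results[name] = ("PASS", profile) if profile else ("FAIL", None)
    return results


def failing_launch_configs(response, name_prefix="app-tier"):
    """Sorted names of in-scope launch configurations with no IAM instance profile."""
    evaluated = evaluate_launch_configs(response, name_prefix)
    return sorted(n for n, (status, _) in evaluated.items() if status == "FAIL")


if __name__ == "__main__":
    # Against a live account, replace SAMPLE_RESPONSE with the (paginated) output
    # of boto3.client("autoscaling").describe_launch_configurations().
    for name, (status, profile) in evaluate_launch_configs(SAMPLE_RESPONSE).items():
        print(f"{status}: {name} -> {profile or 'no IAM instance profile'}")
```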