Vulnerabilities
Misconfiguration
Runtime Security
Compliance
AWS > AutoScaling >

Web-Tier Launch Configurations IAM Roles

MEDIUM
Source
CloudSploit
ID
web-tier-launch-configurations-iam-roles
management console

Web-Tier Launch Configurations IAM Roles

Ensures that Web-Tier Auto Scaling launch configuration is configured to use a customer created IAM role.

Web-Tier Auto Scaling launch configuration should have a customer created Web-Tier IAM role to provide necessary credentials to access AWS services.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for EC2. Step

  3. In the EC2 Management console, scroll down and click on the “Launch Configurations” at the bottom.Step

  4. On the “Launch Configuration” page, Select the Launch Configuration which needs to be checked for IAM role.Step

  5. On the “Launch configurations” page, scroll down and under the Details check the value of the IAM Instance Profile.If the IAM Instance Profile is blank then the selected Launch Configuration group is not configured to use a customer created IAM role.Step

  6. Repeat steps number 2 - 5 to check other groups in the account.

  7. Navigate to IAM dashboard at https://console.aws.amazon.com/iam/.

  8. In the “IAM dashboard”, click on the “Roles” option at the left navigation panel.Step

  9. Click on the “Create Role” button to create a new IAM role.Step

  10. On the “Create role page”, select type of trusted entity as “AWS” and and choose EC2 from Choose the service that will use this role list.Click on the next “Permissions” button.Step

  11. On the “Permissions” panel, select the “AmazonEC2FullAccess”, select one or more policies from the list, then click Next: Tags button to continue the setup process.Step

  12. On the “Add tags” page, add the tag as per the requirement and click on the “Next: Review” button.Step

  13. Enter the “Role Name” and click on the “Create Role” button to complete the process.Step

  14. Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.![Step](/resources/aws/autoscaling/web-tier-launch-configurations-iam-roles/step14.png)

  15. In the left navigation panel, choose “Launch Configuration” and select the ASG launch configuration that need to modify.Step

  16. On the “Launch Configuration” page, scroll down and click on the “Copy launch configuration” button.Step

  17. On the “Create launch configuration” page, scroll down and select the “IAM instance profile” from the dropdown under the Additional configuration.Step

  18. Click on the “Create launch configuration” button at the bottom to make the changes.Step

  19. Repeat steps number 8 - 18 to update Web-Tier Auto Scaling launch configuration and attach a customer created App-Tier IAM role.

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use