
Amazon AWS

Amazon Web Services (AWS) is a subsidiary of Amazon.com that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis.

Connect Amazon AWS with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Amazon AWS.

  3. Click Details, then the + icon. Enter the required information in the following fields.

    • Label: Enter a connection name.

    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input.

    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).

    • Remote Agent: Run this integration using the Devo SOAR Remote Agent.

    • AWS Region: Provide a valid Region for accessing AWS API. For example, us-west-1.

    • AWS Access Key: To access AWS API, provide a valid Access Key.

    • AWS Secret Key: To access AWS API, provide a valid Secret Key.

  4. After you've entered all the details, click Connect.

Actions for Amazon AWS

IP Address Ranges

This action retrieves the AWS IP address ranges.

Input Field

Choose a connection that you have previously created to complete the connection.

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

  • result: IP Address ranges

JSON

{
  "syncToken": "1613086452",
  "createDate": "2021-02-11-23-34-12",
  "prefixes": [
    { "ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" },
    { "ip_prefix": "15.230.56.104/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" },
    { "ip_prefix": "35.180.0.0/16", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" },
    { "ip_prefix": "52.93.153.170/32", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }
  ]
}
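One way to use this result during triage is to check whether an address seen in an alert falls inside a listed AWS range and, if so, which region and service it belongs to. The following Python is an added example, not Devo or AWS code; the function names are hypothetical and the sample data is constructed from the prefixes shown above.

```python
import ipaddress

# Constructed sample shaped like the action's "result"; prefixes taken from the sample output above.
SAMPLE_RESULT = {
    "syncToken": "1613086452",
    "prefixes": [
        {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "AMAZON"},
        {"ip_prefix": "35.180.0.0/16", "region": "eu-west-3", "service": "AMAZON"},
        {"ip_prefix": "52.93.153.170/32", "region": "eu-west-2", "service": "AMAZON"},
        {"ip_prefix": "not-a-cidr", "region": "n/a", "service": "AMAZON"},  # malformed on purpose
    ],
}


def build_index(result):
    """Parse each ip_prefix once, skipping malformed rows instead of failing the playbook."""
    index = []
    for entry in result.get("prefixes", []):
        try:
            net = ipaddress.ip_network(entry["ip_prefix"])
        except (KeyError, ValueError):
            continue
        index.append((net, entry))
    # Longest prefix first, so the first hit is the most specific range.
    index.sort(key=lambda item: item[0].prefixlen, reverse=True)
    return index


def classify_ip(index, ip_text):
    """Return the matching range for an address, or None if it is in no listed range."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    for net, entry in index:
        if ip.version == net.version and ip in net:
            return {"ip": str(ip), "prefix": str(net),
                    "region": entry.get("region"), "service": entry.get("service")}
    return None


if __name__ == "__main__":
    idx = build_index(SAMPLE_RESULT)
    for candidate in ("35.180.12.7", "52.93.153.170", "8.8.8.8"):
        print(candidate, "->", classify_ip(idx, candidate))
```

A match only says the address is in AWS address space; it says nothing about which AWS customer is using it.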

User Details

This action gets the details of the IAM user with the provided username.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Username | Column name from parent table that contains the username. | Required |
| Display Attached Items | Select option True/False to display attached items to this IAM user (default is False). | Optional |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

  • result: User details.

JSON

{
  "Arn": "arn:aws:iam::273248288272:user/indrajeet",
  "CreateDate": "2020-02-20 11:11:58+00:00",
  "PasswordLastUsed": "2021-02-19 14:35:01+00:00",
  "Path": "/",
  "UserId": "AIDAT7HW57YIPXU2NSZPB",
  "UserName": "indrajeet",
  "access_keys": [
    { "AccessKeyId": "AKIAT7HW57YIKOZKHAME", "CreateDate": "2020-02-20 11:12:00+00:00", "Status": "Active", "UserName": "indrajeet" },
    { "AccessKeyId": "AKIAT7HW57YILHERPDXV", "CreateDate": "2020-06-01 13:39:47+00:00", "Status": "Active", "UserName": "indrajeet" }
  ],
  "attached_policies": [],
  "git_creds": [],
  "groups": [
    { "Arn": "arn:aws:iam::273248288272:group/administrator", "CreateDate": "2020-01-15 00:12:01+00:00", "GroupId": "AGPAT7HW57YIGCWTILAJL", "GroupName": "administrator", "Path": "/" }
  ],
  "login_profile": { "CreateDate": "2020-02-20 11:12:00+00:00", "PasswordResetRequired": false, "UserName": "indrajeet" },
  "mfa_devices": [
    { "EnableDate": "2020-12-14 09:54:39+00:00", "SerialNumber": "arn:aws:iam::273248288272:mfa/indrajeet", "UserName": "indrajeet" }
  ],
  "signing_certs": [],
  "ssh_pub_keys": [],
  "user_policies": []
}
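The attached items in this result are enough to run a basic credential-hygiene review of the user inside a playbook. The following Python is an added example, not part of the Devo integration; it assumes the action ran with Display Attached Items set to True, the thresholds and privileged group names are assumptions, and the sample record is constructed with placeholder identifiers.

```python
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90                    # assumption: local key-rotation policy
PRIVILEGED_GROUPS = {"administrator"}    # assumption: group names treated as high privilege

# Constructed sample using the same keys as the "result" object; identifiers are placeholders.
SAMPLE_USER = {
    "UserName": "example-user",
    "access_keys": [
        {"AccessKeyId": "AKIAEXAMPLE0000000001", "CreateDate": "2020-02-20 11:12:00+00:00", "Status": "Active"},
        {"AccessKeyId": "AKIAEXAMPLE0000000002", "CreateDate": "2021-02-01 09:00:00+00:00", "Status": "Active"},
    ],
    "groups": [{"GroupName": "administrator"}],
    "login_profile": {"CreateDate": "2020-02-20 11:12:00+00:00", "PasswordResetRequired": False},
    "mfa_devices": [],
}


def review_user(user, now=None):
    """Return (code, detail) findings for one IAM user record."""
    now = now or datetime.now(timezone.utc)
    findings = []
    active = [k for k in user.get("access_keys", []) if k.get("Status") == "Active"]
    for key in active:
        age_days = (now - datetime.fromisoformat(key["CreateDate"])).days
        if age_days > MAX_KEY_AGE_DAYS:
            findings.append(("STALE_ACCESS_KEY", f"{key['AccessKeyId']} is {age_days} days old"))
    if len(active) > 1:
        findings.append(("MULTIPLE_ACTIVE_KEYS", f"{len(active)} active access keys"))
    # A login_profile means the user has a console password; it should be paired with MFA.
    if user.get("login_profile") and not user.get("mfa_devices"):
        findings.append(("CONSOLE_WITHOUT_MFA", "console password set, no MFA device"))
    member_of = {g.get("GroupName") for g in user.get("groups", [])}
    for name in sorted(member_of & PRIVILEGED_GROUPS):
        findings.append(("PRIVILEGED_GROUP", f"member of {name}"))
    return findings


if __name__ == "__main__":
    for code, detail in review_user(SAMPLE_USER):
        print(code, "-", detail)
```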

Allow/Deny IP to Network ACL

This action adds a rule to a Network ACL that allows or denies an IP.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Network ACL ID | Column name that contains the network ACL ID. | Required |
| Rule No. | Column name that contains the rule number. | Required |
| Cidr Block | Column name that contains the CIDR block. | Required |
| From Port | Column name that contains the from port. | Required |
| To Port | Column name that contains the to port. | Required |
| Rule Action | Whether to allow or deny the IP in the Network ACL. | Required |
| Protocol | Column name that contains protocol information. | Required |
| ICMP protocol code | Column name that contains protocol code information. Required in case of ICMP. | Required |
| ICMP protocol type | Column name that contains protocol type information. Required in case of ICMP. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

  • result: Rule added to AWS Network ACL.
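Because this action changes network filtering, a playbook benefits from validating the inputs before the rule is submitted, especially for automated deny rules. The following Python is an added example, not part of the Devo integration; the parameter names mirror the inputs above, and the protected ranges, the minimum deny prefix length (IPv4) and the use of protocol numbers as strings are assumptions.

```python
import ipaddress

# Assumptions for this sketch: ranges automation must never deny, and the
# broadest IPv4 prefix a playbook may block without human review.
PROTECTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MIN_DENY_PREFIXLEN = 24
ICMP, TCP, UDP, ALL = "1", "6", "17", "-1"   # IANA protocol numbers; -1 means all protocols


def _to_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def validate_rule(rule_no, cidr, from_port, to_port, action, protocol,
                  icmp_code=None, icmp_type=None):
    """Return a list of problems; an empty list means the rule may be submitted."""
    errors = []
    number = _to_int(rule_no)
    if number is None or not 1 <= number <= 32766:   # valid NACL rule number range
        errors.append("rule number out of range")
    action = str(action).lower()
    if action not in ("allow", "deny"):
        errors.append("rule action must be allow or deny")
    protocol = str(protocol)
    if protocol not in (ICMP, TCP, UDP, ALL):
        errors.append("unsupported protocol")
    if protocol == ICMP and (icmp_code is None or icmp_type is None):
        errors.append("ICMP rules need both code and type")
    low, high = _to_int(from_port), _to_int(to_port)
    if protocol in (TCP, UDP) and (low is None or high is None or not 0 <= low <= high <= 65535):
        errors.append("invalid port range")
    try:
        net = ipaddress.ip_network(str(cidr))        # strict: rejects CIDRs with host bits set
    except ValueError:
        return errors + ["invalid CIDR block"]
    if action == "deny":
        if net.prefixlen < MIN_DENY_PREFIXLEN:
            errors.append("deny range too broad for automation")
        if any(net.overlaps(protected) for protected in PROTECTED_NETS):
            errors.append("deny overlaps a protected range")
    return errors
```

Run the check on each row before the action and route any row with a non-empty result to manual review instead of submitting it.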

Delete IAM User

This action deletes the IAM users identified by the provided usernames, along with their attached items.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
|---|---|---|
| Username | Column name from parent table that contains the username. | Required |

Output

A JSON object containing multiple rows of results:

  • has_error: True/False

  • error: message/null

  • msg: User XYZ has been deleted from IAM (if successful)

JSON

{
  "error": "Could not delete user indrajeet\nClientError('An error occurred (AccessDenied) when calling the DeleteLoginProfile operation: User: arn:aws:iam::827505017847:user/ec2-read-only is not authorized to perform: iam:DeleteLoginProfile on resource: user indrajeet')",
  "has_error": true
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem