Amazon AWS
- Jonas Gonzalez
Amazon Web Services (AWS) is a subsidiary of Amazon.com that provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis.
Connect Amazon AWS with Devo SOAR
Navigate to Automations > Integrations.
Search for Amazon AWS.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
AWS Region: Provide a valid Region for accessing AWS API. For example, us-west-1.
AWS Access Key: To access AWS API, provide a valid Access Key.
AWS Secret Key: To access AWS API, provide a valid Secret Key.
After you've entered all the details, click Connect.
Actions for Amazon AWS
IP Address Ranges
Action will get the range of IP Addresses.
Input Field
Choose a connection that you have previously created to complete the connection.
Output
A JSON object containing multiple rows of results:
has_error: True/False
error: message/null
result: IP Address ranges
``` {json}{ "syncToken": "1613086452", "createDate": "2021-02-11-23-34-12", "prefixes": [ { "ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, { "ip_prefix": "15.230.56.104/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { "ip_prefix": "35.180.0.0/16", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, { "ip_prefix": "52.93.153.170/32", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" },
## User Details
Action will get the user details of provided username.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------------------- | :-------------------------------------------------------------------------------------- | :------- |
| Username | Column name from parent table that contains the username. | Required |
| Display Attached Items | Select option True/False to display attached items to this IAM user (default is False). | Optional |
### Output
A JSON object containing multiple rows of results:
- has_error: True/False
- error: message/null
- result: User details.
``` {json}{
"Arn": "arn:aws:iam::273248288272:user/indrajeet",
"CreateDate": "2020-02-20 11:11:58+00:00",
"PasswordLastUsed": "2021-02-19 14:35:01+00:00",
"Path": "/",
"UserId": "AIDAT7HW57YIPXU2NSZPB",
"UserName": "indrajeet",
"access_keys": [
{
"AccessKeyId": "AKIAT7HW57YIKOZKHAME",
"CreateDate": "2020-02-20 11:12:00+00:00",
"Status": "Active",
"UserName": "indrajeet"
},
{
"AccessKeyId": "AKIAT7HW57YILHERPDXV",
"CreateDate": "2020-06-01 13:39:47+00:00",
"Status": "Active",
"UserName": "indrajeet"
}
],
"attached_policies": [],
"git_creds": [],
"groups": [
{
"Arn": "arn:aws:iam::273248288272:group/administrator",
"CreateDate": "2020-01-15 00:12:01+00:00",
"GroupId": "AGPAT7HW57YIGCWTILAJL",
"GroupName": "administrator",
"Path": "/"
}
],
"login_profile": {
"CreateDate": "2020-02-20 11:12:00+00:00",
"PasswordResetRequired": false,
"UserName": "indrajeet"
},
"mfa_devices": [
{
"EnableDate": "2020-12-14 09:54:39+00:00",
"SerialNumber": "arn:aws:iam::273248288272:mfa/indrajeet",
"UserName": "indrajeet"
}
],
"signing_certs": [],
"ssh_pub_keys": [],
"user_policies": []
}Allow/Deny IP to Network ACL
Action will allow/deny IP to Network ACL.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
|---|---|---|
Network ACL ID | Column name that contains network ACL ID. | Required |
Rule No. | Column name that contains rule number. | Required |
Cidr Block | Column name that contains CIDR Block. | Required |
From Port | Column name that contains from the port. | Required |
To Port | Column name that contains to port. | Required |
Rule Action | Action to determine to allow/deny IP to Network ACL. | Required |
Protocol | Column name that contains protocol information. | Required |
ICMP protocol code | Column name that contains protocol code information, Required in case of ICMP. | Required |
ICMP protocol type | Column name that contains protocol type information, Required in case of ICMP. | Required |
Output
A JSON object containing multiple rows of results:
has_error: True/False
error: message/null
result: Rule added to AWS Network ACL.
Delete IAM User
Action will delete provided users identified by usernames along with their attached items. See Delete User.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Descrition | Required |
|---|---|---|
Username | Column name from parent table that contains the username. | Required |
Output
A JSON object containing multiple rows of results:
has_error: True/False
error: message/null
msg: User XYZ has been deleted from IAM (if successful)
{json}{
"error": "Could not delete user indrajeet\nClientError('An error occurred (AccessDenied) when calling the DeleteLoginProfile operation: User: arn:aws:iam::827505017847:user/ec2-read-only is not authorized to perform: iam:DeleteLoginProfile on resource: user indrajeet')",
"has_error": true
}
Release Notes
v2.0.0- Updated architecture to support IO via filesystem