Like other aspects of Aqua Wave CSPM, all Remediation actions are driven by REST APIs, including the onboarding. Because the process of deploying the remediator is slightly more complex than the standard audit role, this guide will walk you through the steps.
Pre-Requisites
- The Remediator CloudFormation stack URL: https://s3.amazonaws.com/cloudsploit-remediation-resources/production/aws/cloudformation-template-remediator.json
- An API key for accessing the Aqua Wave API
- For Automated Remediations to function, you must also deploy the Real-Time Events feature of Aqua Wave.
Fetch The Required Secrets
For each AWS account you wish to onboard, you will need:
- A pre-generated external ID (note: each generated ID is only valid for 1 cloud connection. If you wish to connect multiple accounts, you must request multiple generated IDs).
- A pre-generated OTP secret (note: you can generate these yourself, but we strongly recommend using our helper API, which allows you to generate up to 50 secrets at once).
To get these, use the following endpoints:
Deploy the CloudFormation Stack
Use the link above to deploy the CloudFormation stack in your environment. Use the following settings:
- "Type" - Choose "Automated" or "Manual" accordingly
- "ExternalID" - Enter the external ID fetched above
- "TokenCode" - (Manual only) Enter any random 6 digit number
- "MFASecret" - (Automated only) Enter the OTP secret fetched above
PUT the Remediator to Aqua Wave
Once the stack finishes creating, you will need the role ARN (available in the stack outputs), external ID, and version (available in the stack parameters) for the stack you just deployed. Then, use the following API: "Aqua Wave Keys PUT."
(Note: On the right side of the API docs, scroll down to the second request titled "Connecting a Remediator".