Configuring AWS IAM Identities

In AWS Identity and Access Management (IAM), an identity represents a human user or programmatic workload that can be authenticated and authorized to perform actions in AWS. The Wazuh module for AWS requires authentication and authorization through an IAM identity to integrate with supported AWS services.

In the following sections, we describe how to create an IAM user group, how to create an AWS IAM user with access credentials, and how to add the user to the group.

Creating an IAM user group

  1. Create a user group that an AWS IAM user will be added to.

    1. On the AWS console, search for iam and click IAM from the results.

      Find IAM
    2. Go to User groups and click Create group to create a new group.

      Click Create group
    3. Assign a name for the group, scroll down, and click Create group.

      Click Create group 2
      Click Create group 3
    4. Confirm the group has been successfully created.

      Confirm group creation

Creating an IAM user

Wazuh requires an AWS IAM user with the necessary permissions to collect log data from the different AWS services. We show below how to create a new IAM user in your AWS environment and obtain the access credentials.

  1. Create a new IAM user and add it to a user group:

    1. On your AWS console, navigate to Services > IAM > Users > Create user.

      Create IAM user
    2. Assign a username and click Next.

      Create IAM user
    3. Assign the user to the previously created group and click Next to proceed.

      Add user to group
    4. Review the selected options and click Create user.

      Click Create user
    5. Confirm the user creation.

      Confirm user creation
  2. Obtain the necessary access credentials for the IAM user.

    1. Click on the created IAM user, go to Security credentials, scroll down to Access keys, and click Create access key.

      Create access key
    2. Select and confirm the Command Line Interface (CLI) use case and click Next.

      Command Line Interface selection
    3. Assign a description tag value and click Create access key.

      Create access key
    4. Save the access credentials; you will use them later to configure the Wazuh module for AWS. If you don't copy the credentials before you click Done, you cannot recover them later. However, you can create a new access key.

      Save access keys

Depending on the service that will be monitored, the AWS IAM user needs a different set of permissions. The permissions required for each service are described on that service's own page, listed in the supported services section.
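The same identity created with the AWS CLI instead of the console, as an added example that is not part of the Wazuh documentation. The group and user names, the `wazuh` profile name and the credentials file path are assumptions; attaching the service-specific policy to the group is left to the per-service pages.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the console steps above (names are placeholders).
set -eu

GROUP_NAME="${GROUP_NAME:-wazuh-readers}"        # assumed group name
USER_NAME="${USER_NAME:-wazuh-aws-module}"       # assumed user name
CREDS_FILE="${CREDS_FILE:-${HOME:-.}/.aws/credentials}"

# Step 1: the user group the IAM user will be added to.
create_group() {
  aws iam create-group --group-name "$1" >/dev/null
}

# Step 2: the IAM user, added to that group. No console password and no inline
# policy: its permissions come only from the group.
create_user_in_group() {
  aws iam create-user --user-name "$2" >/dev/null
  aws iam add-user-to-group --group-name "$1" --user-name "$2"
}

# Step 3: one access key. AWS returns the secret exactly once, so it is stored
# immediately. Output: "<key id><TAB><secret>".
create_access_key() {
  aws iam create-access-key --user-name "$1" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Append a named profile to a credentials file readable by the owner only.
write_credentials_profile() {
  local profile="$1" key_id="$2" secret="$3" file="$4"
  mkdir -p "$(dirname "$file")"
  ( umask 077
    printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
      "$profile" "$key_id" "$secret" >> "$file" )
  chmod 600 "$file"
}

# Runs the three steps and prints the new key id (never the secret).
provision_wazuh_identity() {
  create_group "$GROUP_NAME"
  create_user_in_group "$GROUP_NAME" "$USER_NAME"
  set -- $(create_access_key "$USER_NAME")   # key id and secret contain no spaces
  write_credentials_profile wazuh "$1" "$2" "$CREDS_FILE"
  echo "$1"
}

# Only talks to AWS when explicitly requested: RUN_PROVISION=1 ./iam-setup.sh
if [ "${RUN_PROVISION:-0}" = "1" ]; then
  provision_wazuh_identity
fi
```

Point the Wazuh module at the `wazuh` profile, or copy the key pair from the file into its configuration, then delete the key from disk if it is no longer needed there.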