Spyderbat AWS Agent

Overview of the AWS Agent, deployment options and how to get started

The Spyderbat AWS Agent enables AWS Context Integration in the Spyderbat Platform. This integration provides a comprehensive view of cloud assets and IAM configurations, enhancing the ability to detect and investigate potential security incidents.

For an overview of the AWS Agent and its role in the Spyderbat Platform, refer to the .

Permissions Required by the Spyderbat AWS Agent

To function effectively, the Spyderbat AWS Agent requires specific permissions to collect data from AWS APIs. Below are the key permissions grouped by AWS services:

EC2:
- ec2:Describe*
EKS:
- eks:List*
- eks:Describe*
IAM Roles and Policies:
- iam:Get*
- iam:List*
- iam:Put*
STS (Security Token Service):
- sts:AssumeRole
- sts:AssumeRoleWithWebIdentity

The agent also supports consuming configured secrets (registration key) in AWS Secrets Manager - which would require an extra permission to access the configured secret arn.

Permissions are configured using a custom AWS policy attached to the IAM Role that the AWS Agent assumes. How the agent assumes this role depends on the deployment options and is discussed in the more detailed deployment guides.

Deployment Options for the AWS Agent

Spyderbat offers multiple deployment options for the AWS Agent to suit different environments and requirements. Below are the currently available deployment methods:

Hosted on an AWS VM: You can deploy the AWS Agent on a virtual machine within your AWS account. This option gives you full control over the agent and its environment.
Hosted on a Kubernetes Cluster: The AWS Agent can be deployed as a Kubernetes pod within a cluster. This is suitable for users who want to integrate AWS context alongside their Kubernetes workloads.

For detailed installation instructions for each deployment option, refer to the respective guides:

Getting Started with the AWS Agent

To begin using the Spyderbat AWS Agent:

Choose a Deployment Method: Decide whether to deploy the agent on an AWS VM, a Kubernetes cluster, or use the hosted option.
Deploy the Agent: Follow the instructions in the relevant deployment guide to deploy the AWS Agent.

Once deployed, the agent will start collecting cloud context and feeding it to the Spyderbat Platform, where it can be used for enhanced visibility, detection, and investigation.

Last updated 4 months ago

Was this helpful?

Permissions Required by the Spyderbat AWS Agent

To function effectively, the Spyderbat AWS Agent requires specific permissions to collect data from AWS APIs. Below are the key permissions grouped by AWS services:

EC2:

ec2:Describe*

EKS:

eks:List*
eks:Describe*

IAM Roles and Policies:

iam:Get*
iam:List*
iam:Put*

STS (Security Token Service):

sts:AssumeRole
sts:AssumeRoleWithWebIdentity

The agent also supports consuming configured secrets (registration key) in AWS Secrets Manager - which would require an extra permission to access the configured secret arn.

Deployment Options for the AWS Agent

Spyderbat offers multiple deployment options for the AWS Agent to suit different environments and requirements. Below are the currently available deployment methods:

Hosted on an AWS VM: You can deploy the AWS Agent on a virtual machine within your AWS account. This option gives you full control over the agent and its environment.

Hosted on a Kubernetes Cluster: The AWS Agent can be deployed as a Kubernetes pod within a cluster. This is suitable for users who want to integrate AWS context alongside their Kubernetes workloads.

For detailed installation instructions for each deployment option, refer to the respective guides:

Getting Started with the AWS Agent

To begin using the Spyderbat AWS Agent:

Choose a Deployment Method: Decide whether to deploy the agent on an AWS VM, a Kubernetes cluster, or use the hosted option.

Deploy the Agent: Follow the instructions in the relevant deployment guide to deploy the AWS Agent.

Once deployed, the agent will start collecting cloud context and feeding it to the Spyderbat Platform, where it can be used for enhanced visibility, detection, and investigation.