Connect an AWS account with Terraform

Overview

This documentation article provides a step-by-step guide to establish a connection between your Amazon Web Services (AWS) account and the Upwind platform.

By establishing this connection, you enable Upwind to detect Kubernetes clusters and cloud resources within your AWS account, integrate the account with the Upwind platform, and access AWS APIs. This access enables the collection of contextual information, which enriches Detections and Findings of security threats in your environment.

To facilitate this process, we will utilize Terraform, an infrastructure-as-code tool. Through Terraform, we will create the resources and configurations necessary for establishing the connection between AWS and the Upwind platform.

Prerequisites

Before proceeding, ensure that you have the following prerequisites in place:

  1. AWS Account: You should have an AWS account with administrative privileges to create and manage resources, such as IAM roles and policies.
  2. Terraform: Ensure that Terraform is installed. You can download the latest version of Terraform from the official website. Follow the installation instructions specific to your operating system.

Setup

Console

Note: If you already have an account-type credential, you may reuse it and proceed directly to step 2.

  1. Create Cloud Credentials: Log in to the Upwind console. Select Amazon Web Services, and click on Generate cloud account credentials to obtain the values for the upwind_client_id and upwind_client_secret variables.

  2. Initialize Terraform: Create a new directory for your Terraform project and navigate to it in your terminal. Inside the project directory, create a new file named main.tf to hold the Terraform configuration. Copy or download the code snippet from the Upwind console and paste it into main.tf.
    Run the following command to initialize Terraform within the project directory:

    terraform init

  3. Apply Terraform Configuration: Run the following command to apply the Terraform configuration and create the necessary resources:

    terraform apply

    Review the changes that Terraform plans to make and enter yes when prompted to confirm the changes. Terraform will create the connection between your AWS account and Upwind based on the provided configuration.

  4. Return to the Upwind console: Once the terraform apply command has successfully executed, the connection should be established within a few moments. A success message will appear in the console to indicate the successful account connection.

Manual

Note: If you already have an account-type credential, you may reuse it and proceed directly to step 2.

  1. Create Cloud Credentials: Log in to the Upwind console and generate a new cloud credential. Select Cloud Account, and click on Generate to obtain the values for the upwind_client_id and upwind_client_secret variables.

  2. Initialize Terraform: Create a new directory for your Terraform project and navigate to it in your terminal. Inside the project directory, create a new file named main.tf or open an existing file to hold the Terraform configuration:

    module "upwind_integration_aws_account" {
      source = "https://terraform.upwind.io/modules/integrations/aws-account-0.2.0.tar.gz"

      # Credentials generated in step 1
      upwind_client_id     = ""
      upwind_client_secret = ""

      # Your Upwind organization ID
      upwind_organization_id = ""
    }

    Run the following command to initialize Terraform within the project directory:

    terraform init

  3. Apply Terraform Configuration: Run the following command to apply the Terraform configuration and create the necessary resources:

    terraform apply

    Review the changes that Terraform plans to make and enter yes when prompted to confirm the changes. Terraform will create the connection between your AWS account and Upwind based on the provided configuration.

  4. Return to the Upwind console: Once the terraform apply command has successfully executed, the connection should be established within a few moments. A success message will appear in the console to indicate the successful account connection.

Troubleshooting

If you encounter any issues during the process of establishing a connection between your AWS account and Upwind using Terraform, consider the following troubleshooting steps:

  1. AWS Account ID: Verify that the AWS account ID linked to the current AWS credentials matches the ID of the intended AWS account you are trying to connect to Upwind.

  2. Client Credentials: Verify that the client credentials for Upwind (upwind_client_id and upwind_client_secret) are accurate. Make sure there are no typos or incorrect values.

  3. Authentication Errors: Verify that the aws provider in your Terraform configuration is configured correctly and that the credentials it uses are valid.

  4. Insufficient Permissions: Verify that the aws provider is configured with credentials from a user or IAM role that has the required permissions.

  5. Terraform Version Compatibility: Verify that your Terraform version is compatible with the required version. Refer to the provider documentation or release notes for compatibility details. Consider updating Terraform to the latest stable version.

  6. Error Messages and Logs: Pay attention to any error messages or logs displayed during the terraform apply command. They can provide valuable insights into the specific issue you are facing. Look for any specific error codes or descriptions that can guide your troubleshooting process.
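One way to write the main.tf from Manual step 2 so that the client secret is not stored in the file, and so that the account mismatch described in troubleshooting step 1 is caught before any resource is created. This is an added example, not Upwind's published configuration; the aws_account_id variable, the use of TF_VAR_ environment variables, and the module inheriting the aws provider from the root configuration are assumptions.

```hcl
# Added example, not Upwind's published configuration.
# Assumption: all four variables are supplied from outside this file,
# for example as TF_VAR_<name> environment variables.

variable "upwind_client_id" {
  type        = string
  description = "Client ID generated in the Upwind console"
}

variable "upwind_client_secret" {
  type        = string
  description = "Client secret generated in the Upwind console"
  sensitive   = true # redacted from plan and apply output
}

variable "upwind_organization_id" {
  type        = string
  description = "Upwind organization ID"
}

# Hypothetical variable introduced for this example.
variable "aws_account_id" {
  type        = string
  description = "12-digit ID of the AWS account you intend to connect"

  validation {
    condition     = can(regex("^[0-9]{12}$", var.aws_account_id))
    error_message = "The aws_account_id value must be exactly 12 digits."
  }
}

provider "aws" {
  # Terraform stops with an error if the active AWS credentials belong to
  # any account other than the one listed here.
  allowed_account_ids = [var.aws_account_id]
}

module "upwind_integration_aws_account" {
  source = "https://terraform.upwind.io/modules/integrations/aws-account-0.2.0.tar.gz"

  upwind_client_id       = var.upwind_client_id
  upwind_client_secret   = var.upwind_client_secret
  upwind_organization_id = var.upwind_organization_id
}
```

Export TF_VAR_upwind_client_id, TF_VAR_upwind_client_secret, TF_VAR_upwind_organization_id and TF_VAR_aws_account_id before running terraform apply. Values marked sensitive are hidden from plan output but can still be written to Terraform state, so restrict access to the state backend.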

If you are still unable to resolve the issue after following these troubleshooting steps, please initiate a chat with us in the Upwind console at https://console.upwind.io. The chat support is available 24/7.

Next Steps

After establishing a connection to your AWS account, Upwind will discover any EC2 instances or Kubernetes clusters within your account and label them as Unconnected.

To connect a Kubernetes cluster with Upwind, follow the instructions provided on the Connect a Kubernetes cluster page.

To connect a Linux host with Upwind, follow the instructions provided on the Connect a Linux host page.