Skip to main content

Connect an AWS account with Terraform

Overview

This documentation article provides a step-by-step guide to establish a connection between your Amazon Web Services (AWS) account and the Upwind platform.

By establishing this connection, you enable Upwind to detect Kubernetes clusters and cloud resources within your AWS account, integrate it with the Upwind platform, and gain access to AWS APIs. This access enables the collection of contextual information, which enriches Detections and Findings of security threats in your environment.

To facilitate this process, we will utilize Terraform, an infrastructure-as-code tool. Through Terraform, we will create the resources and configurations necessary for establishing the connection between AWS and the Upwind platform.

Prerequisites

Before proceeding, ensure that you have the following prerequisites in place:

  1. AWS Account: You should have an AWS account with administrative privileges to create and manage resources, such as IAM roles and policies.
  2. Terraform: Ensure that Terraform is installed. You can download the latest version of Terraform from the official website. Follow the installation instructions specific to your operating system.

Setup

note

If you already possess a pre-existing account-type credential, you may reuse it and proceed directly to step 6.

  1. Log in to the Upwind Management Console .

  2. Navigate to the Inventory page and access the Accounts section.

  3. Click on the Connect account button located in the top-right corner of the page, and select Amazon Web Services.

  4. Choose Use Terraform at the bottom of the page to view the Terraform instructions.

  5. Under Cloud Account Credentials, click on Generate to obtain the values for the upwind_client_id and upwind_client_secret variables.

  6. Create a new directory for your Terraform project and navigate to it in your terminal. Inside the project directory, create a new file named main.tf to hold the Terraform configuration. Copy or download the code snippet from the Terraform setup section and paste it into main.tf.

  7. Run the following command to initialize Terraform within the project directory:

    terraform init

  8. Run the following command to apply the Terraform configuration and create the necessary resources:

    terraform apply

    Review the changes that Terraform plans to make and enter yes when prompted to confirm the changes. Terraform will create the connection between your AWS account and Upwind based on the provided configuration.

  9. Once the terraform apply command has successfully executed, the connection should be established within a few moments. A success message will appear in the console to indicate the successful account connection.

Troubleshooting

If you encounter any issues during the process of establishing a connection between your AWS account and Upwind using Terraform, consider the following troubleshooting steps:

  1. AWS Account ID: Verify that the AWS account ID linked to the current AWS credentials matches the ID of the intended AWS account you are trying to connect to Upwind.

  2. Client Credentials: Verify that the client credentials for Upwind (upwind_client_id and upwind_client_secret) are accurate. Make sure there are no typos or incorrect values.

  3. Authentication Errors: Verify that the aws provider is configured correctly in your Terraform configuration by verifying the credentials.

  4. Insufficient Permissions: Verify that the aws provider is configured with credentials from a user or IAM role that has the required permissions.

  5. Terraform Version Compatibility: Verify that your Terraform version is compatible with the required version. Refer to the provider documentation or release notes for compatibility details. Consider updating Terraform to the latest stable version.

  6. Error Messages and Logs: Pay attention to any error messages or logs displayed during the terraform apply command. They can provide valuable insights into the specific issue you are facing. Look for any specific error codes or descriptions that can guide your troubleshooting process.

If you are still unable to resolve the issue after following these troubleshooting steps, please initiate a chat with us in the Upwind Management Console . The chat support is available 24/7.

Next Steps

After establishing a connection to your AWS account, Upwind will discover any EC2 instances or Kubernetes clusters within your account and label them as Unconnected.

To connect a Kubernetes cluster with Upwind, follow the instructions provided on the Connect a Kubernetes cluster page.

To connect a Linux host with Upwind, follow the instructions provided on the Connect a Linux host page.