Fortinet black logo

Administration Guide

Deploying AWS deception keys

Copy Link
Copy Doc ID 250a63c1-9b8e-11ee-a142-fa163e15d75b:232065
Download PDF

Deploying AWS deception keys

To deploy AWS deceptions keys, first create the keys in AWS, then upload them to the FortiDeceptor and create a new campaign.

To create an IAM user:
  1. Log in to your AWS administrator account.
  2. Go to Access Management > Users and click Add Users.
  3. In the User details page, enter a User Name and click Next.

  4. On the Set Permissions page, do not assign permissions, and click Next.

  5. On the Review and create page, click Create User. The new user is created.

  6. Create an access key for an AWS Connector user.
To create an AWS Connector user with AWSCloudTrail_ReadOnlyAccess permission:
  1. Create a new AWS Connector user such as AWSKeyscon.

  2. Set the permissions to Attach existing polices directly and select AWSCloudTrail_ReadOnlyAccess.

  3. Review the user permissions and click Create user.

To grant an AWS connector user access to credential reports:
  1. Go to Policies and create a custom policy such as fdcAWScredentialReport.
  2. Click the Permissions tab and configure the permissions. For example:

    {

    "Version": "2012-10-17",

    "Statement": {

    "Effect": "Allow",

    "Action": [

    "iam:GenerateCredentialReport",

    "iam:GetCredentialReport"

    ],

    "Resource": "*"

    }

    }

  3. Go to IAM > Users and select the AWS Connector user such as AWSKeyscon, and then click Add Permissions.

  4. Configure the permissions.
    1. Under Permissions polices add the custom policy such as fdcAWScredentialReport.
    2. Click Next.

    3. Review the User details and Permissions summary and click Add Permissions.

To create an access key for an AWS Connector user:
  1. Go to IAM users and select a user such as AWSKeyscon, and then click the Security credentials tab.

  2. Under Access keys click Create access key.

  3. Under Access key best practices & alternatives select Command Line Interface (CLI) and click Next.

  4. (Optional) Set the description tag and click Create access key.

  5. On the Retrieve access keys page, click Download .csv file and then click Done.

  6. In the Permissions tab, ensure the AWS Keys Connector has the following two permissions: AWSCloudTrail-ReadOnlyAccess and the custom policy such as fdcAWScredentialReport.

To deploy the deception keys in FortiDeceptor:
  1. Log in to FortiDeceptor and go to Deception > Lure Resources.

  2. Go to Fabric > Quarantine Integration > +Quarantine Integration With New Device and configure the integration.
    Integrate methodSelect AWS Keys.
    AWS RegionEnter the region for the AWS Connector user you created in the previous task.
    AWS Access Key IDEnter the access key ID for the AWS Connector user you created in the previous task.
    AWS Secret Access KeyEnter the secret access key for the AWS Connector user you created in the previous task.

  3. Go to Deception > Deception Token > Token Campaign.
  4. Click + Campaign and select the AWS lure you unloaded in Step 2.

  5. Click Generate API Auth Key and click Save.

Deploying AWS deception keys

To deploy AWS deceptions keys, first create the keys in AWS, then upload them to the FortiDeceptor and create a new campaign.

To create an IAM user:
  1. Log in to your AWS administrator account.
  2. Go to Access Management > Users and click Add Users.
  3. In the User details page, enter a User Name and click Next.

  4. On the Set Permissions page, do not assign permissions, and click Next.

  5. On the Review and create page, click Create User. The new user is created.

  6. Create an access key for an AWS Connector user.
To create an AWS Connector user with AWSCloudTrail_ReadOnlyAccess permission:
  1. Create a new AWS Connector user such as AWSKeyscon.

  2. Set the permissions to Attach existing polices directly and select AWSCloudTrail_ReadOnlyAccess.

  3. Review the user permissions and click Create user.

To grant an AWS connector user access to credential reports:
  1. Go to Policies and create a custom policy such as fdcAWScredentialReport.
  2. Click the Permissions tab and configure the permissions. For example:

    {

    "Version": "2012-10-17",

    "Statement": {

    "Effect": "Allow",

    "Action": [

    "iam:GenerateCredentialReport",

    "iam:GetCredentialReport"

    ],

    "Resource": "*"

    }

    }

  3. Go to IAM > Users and select the AWS Connector user such as AWSKeyscon, and then click Add Permissions.

  4. Configure the permissions.
    1. Under Permissions polices add the custom policy such as fdcAWScredentialReport.
    2. Click Next.

    3. Review the User details and Permissions summary and click Add Permissions.

To create an access key for an AWS Connector user:
  1. Go to IAM users and select a user such as AWSKeyscon, and then click the Security credentials tab.

  2. Under Access keys click Create access key.

  3. Under Access key best practices & alternatives select Command Line Interface (CLI) and click Next.

  4. (Optional) Set the description tag and click Create access key.

  5. On the Retrieve access keys page, click Download .csv file and then click Done.

  6. In the Permissions tab, ensure the AWS Keys Connector has the following two permissions: AWSCloudTrail-ReadOnlyAccess and the custom policy such as fdcAWScredentialReport.

To deploy the deception keys in FortiDeceptor:
  1. Log in to FortiDeceptor and go to Deception > Lure Resources.

  2. Go to Fabric > Quarantine Integration > +Quarantine Integration With New Device and configure the integration.
    Integrate methodSelect AWS Keys.
    AWS RegionEnter the region for the AWS Connector user you created in the previous task.
    AWS Access Key IDEnter the access key ID for the AWS Connector user you created in the previous task.
    AWS Secret Access KeyEnter the secret access key for the AWS Connector user you created in the previous task.

  3. Go to Deception > Deception Token > Token Campaign.
  4. Click + Campaign and select the AWS lure you unloaded in Step 2.

  5. Click Generate API Auth Key and click Save.