Configuration

Overview

Configure Nullify's AWS integration to specify which accounts and regions to monitor for security findings.

Configuration Parameters

integrations:
  aws:
    enable: true
    role_name_to_assume: nullify-role    # IAM role created by CloudFormation/Terraform
    # Organization-wide scanning
    primary_account_id: "123456789012"   # AWS Organization's management account
    primary_region: "ap-southeast-2"     # Primary region for API calls
    
    # Optional: Selective scanning
    target_regions: ["ap-southeast-2", "us-east-2"]     # Specific regions to scan
    target_accounts: ["123456789012", "123456789013"]   # Specific accounts to scan

Configuration Modes

Organization-wide Scanning

When deployed across your AWS Organization, simply specify:

  • primary_account_id: Your AWS Organization's management account

  • primary_region: Primary region for API operations

  • role_name_to_assume: IAM role name created during deployment

Important Note: Organization-wide scanning requires the IAM role to be deployed in the management account (formerly known as master account) as well as member accounts. Nullify will automatically discover and scan all accounts in your organization.

Selective Scanning

To limit scanning to specific accounts or regions:

  • target_regions: List of AWS regions to scan

  • target_accounts: List of AWS account IDs to scan

  • role_name_to_assume: IAM role name created during deployment

Note: When using selective scanning, primary_account_id and primary_region are not required.

Validation

  • All account IDs must be valid 12-digit AWS account numbers

  • Regions must be valid AWS region identifiers

  • The specified role must exist in all target accounts
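The first two rules can be checked offline before the configuration is committed. The following is an added example, not Nullify's own validation code: validate_aws_integration is a hypothetical helper that takes the already-parsed configuration as a dict, treats the presence of either target list as selective scanning (an assumption), and checks regions by shape only. Whether the role exists in each account still has to be verified against AWS.

```python
import re

ACCOUNT_RE = re.compile(r"[0-9]{12}")
# Shape check only: it does not prove the region exists or is enabled.
REGION_RE = re.compile(r"[a-z]{2}(?:-[a-z]+){1,2}-[0-9]{1,2}")
# IAM role names: 1-64 characters from this set.
ROLE_RE = re.compile(r"[\w+=,.@-]{1,64}", re.ASCII)

def _check_account(key, value, errors):
    # An unquoted YAML scalar loads as int, which drops leading zeros.
    if not isinstance(value, str):
        errors.append(f"{key}: {value!r} is not a string; quote account IDs in YAML")
    elif not ACCOUNT_RE.fullmatch(value):
        errors.append(f"{key}: {value!r} is not a 12-digit account ID")

def _check_region(key, value, errors):
    if not isinstance(value, str) or not REGION_RE.fullmatch(value):
        errors.append(f"{key}: {value!r} does not look like an AWS region")

def validate_aws_integration(config):
    """Hypothetical helper: return (mode, errors) for a parsed config dict."""
    aws = config.get("integrations", {}).get("aws", {})
    errors = []
    role = aws.get("role_name_to_assume")
    if not isinstance(role, str) or not ROLE_RE.fullmatch(role):
        errors.append(f"role_name_to_assume: {role!r} is missing or invalid")
    accounts = aws.get("target_accounts") or []
    regions = aws.get("target_regions") or []
    # Assumption: either target list being present selects selective scanning,
    # in which case primary_account_id and primary_region are not required.
    if accounts or regions:
        for account in accounts:
            _check_account("target_accounts", account, errors)
        for region in regions:
            _check_region("target_regions", region, errors)
        return "selective", errors
    for key, check in (("primary_account_id", _check_account),
                       ("primary_region", _check_region)):
        if key not in aws:
            errors.append(f"{key}: required for organization-wide scanning")
        else:
            check(key, aws[key], errors)
    return "organization-wide", errors

# Constructed sample: one region is mistyped and one account ID was left unquoted.
SAMPLE = {"integrations": {"aws": {
    "enable": True, "role_name_to_assume": "nullify-role",
    "target_regions": ["ap-southeast-2", "us-east2"],
    "target_accounts": ["123456789012", 12345678901]}}}
```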

Need help with configuration? Contact support@nullify.ai
