Prerequisites

Prerequisites for AWS Integration

Requirements

  • An active Nullify account

  • AWS account with permissions to create IAM roles

  • Access to AWS CloudFormation or Terraform

Deployment Steps

  1. Access Integration Templates

    • Log in to your Nullify dashboard

    • Navigate to Integrations > AWS

    • Download either the CloudFormation or Terraform template

  2. Deploy the Template

    • CloudFormation:

      • Single account: Deploy through the AWS Console, the AWS CLI, or IaC

      • Multi-account: Deploy using AWS CloudFormation StackSets

    • Terraform: Apply using your existing Terraform workflow

  3. Verify Connection

    • Return to Nullify dashboard

    • Confirm successful integration status on next scheduled run

Multi-Account Setup

For organizations managing multiple AWS accounts, we recommend using CloudFormation StackSets to deploy the integration across your organization. This ensures consistent deployment and easier management of the Nullify integration across your AWS landscape.

Kubernetes Integration

Nullify's Kubernetes integration enables security scanning of your Kubernetes clusters to identify vulnerabilities and misconfigurations. The integration deploys a collector that gathers cluster information and securely transmits it to Nullify for analysis.

Benefits

  • Identifies code-specific vulnerabilities that can be exploited through security misconfigurations

  • Detects vulnerable workloads and container images

  • Provides remediation guidance for Kubernetes resources

  • Minimal resource footprint

Prerequisites For Helm Installation

  • Kubernetes cluster (EKS, GKE, AKS, or self-managed)

  • Helm v3 installed

  • AWS account with Nullify integration configured

Using Terraform

If you're using Terraform to deploy the Nullify AWS integration, you can automatically deploy the Kubernetes collector by setting the enable_kubernetes_integration boolean to true in your Terraform configuration (although we recommend using the Helm charts):

module "nullify_integration" {
  source = "nullify/integration/aws"
  
  # Enable automatic deployment of Kubernetes collector
  enable_kubernetes_integration = true
  
  # Other configuration parameters
  # ...
}

Using Nullify Dashboard

  1. Log in to your Nullify dashboard

  2. Navigate to Explore > Asset Inventory > Host Catalogue > New Host Scan

  3. Download the customized Helm chart (k8s-collector.tgz) specific to your account, and use values.yaml to customize the settings specific to your organization

  4. Install using the downloaded chart:

    helm upgrade --install nullify-k8s-collector ./k8s-collector.tgz \
      --namespace nullify \
      --create-namespace \
      -f values.yaml

Configuration

The collector can be customized by modifying the values.yaml file:

# Key configuration options
collector:
  # -- Schedule for the collector (default: daily at midnight)
  schedule: "0 0 * * *"
  # -- AWS configuration
  aws:
    # -- AWS region
    region: "us-west-2"
  
serviceAccount:
  # -- Create a service account for the collector
  create: true
  # -- Name of the service account
  name: "nullify-k8s-collector-sa"
  # -- Namespace to create the service account in
  namespace: "nullify"
  # -- Annotations for the service account (for AWS IAM integration)
  annotations:
    eks.amazonaws.com/role-arn: "YOUR-NULLIFY-CROSS-ACCOUNT-ROLE-ARN"

Note: Helm charts can only be deployed after the IAM role has been provisioned in your cloud accounts. Upon installation, please share the IAM role ARN with us through Slack.

Security Note

The deployed templates create IAM roles with permissions that allow Nullify to securely collect only the necessary information for vulnerability analysis.
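On EKS, the eks.amazonaws.com/role-arn annotation in values.yaml means the collector's service account obtains the role through IAM Roles for Service Accounts, so the role's trust policy decides which pods in the cluster can use it. The check below is an added example, not Nullify's code or part of its templates: it audits a trust policy document (for instance the AssumeRolePolicyDocument returned by aws iam get-role) and reports web-identity statements that are not pinned to the nullify/nullify-k8s-collector-sa service account. It assumes the role is assumed by web identity; the OIDC provider ID, account ID and both sample policies are constructed placeholders.

```python
import json

# Service account identity built from the namespace and name in values.yaml above.
EXPECTED_SUB = "system:serviceaccount:nullify:nullify-k8s-collector-sa"
OIDC = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0000000000"  # constructed placeholder

def as_list(value):
    """IAM accepts a single value or a list in most positions; normalise to a list."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def audit_irsa_trust(policy, expected_sub=EXPECTED_SUB):
    """Return findings for web-identity trust statements not pinned to the collector."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action")):
            continue  # e.g. a cross-account sts:AssumeRole statement, out of scope here
        cond = stmt.get("Condition", {})
        equals = {k.lower(): as_list(v) for k, v in cond.get("StringEquals", {}).items()}
        likes = {k.lower(): as_list(v) for k, v in cond.get("StringLike", {}).items()}
        subs = next((v for k, v in equals.items() if k.endswith(":sub")), None)
        loose = next((v for k, v in likes.items() if k.endswith(":sub")), None)
        auds = next((v for k, v in equals.items() if k.endswith(":aud")), None)
        if subs is None and loose is not None:
            findings.append(f"statement {i}: :sub uses StringLike {loose}; pin it with StringEquals")
        elif subs is None:
            findings.append(f"statement {i}: no :sub condition; any service account in the cluster is trusted")
        elif subs != [expected_sub]:
            findings.append(f"statement {i}: :sub trusts {subs}, expected only {expected_sub}")
        if auds != ["sts.amazonaws.com"]:
            findings.append(f"statement {i}: :aud is not pinned to sts.amazonaws.com")
    return findings

def sample_trust(condition):
    """Build a constructed sample trust policy around one Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Constructed samples: one pinned to the collector, one open to the whole namespace.
PINNED = sample_trust({"StringEquals": {f"{OIDC}:sub": EXPECTED_SUB, f"{OIDC}:aud": "sts.amazonaws.com"}})
WILDCARD = sample_trust({"StringLike": {f"{OIDC}:sub": "system:serviceaccount:nullify:*"}})

if __name__ == "__main__":
    for name, doc in (("pinned", PINNED), ("wildcard", WILDCARD)):
        print(name, json.dumps(audit_irsa_trust(doc), indent=2))
```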

Need Help?

  • For deployment issues: contact support@nullify.ai
