Alert Logic® has updated the IAM Role policy for Amazon Web Services deployments. Any new deployments you create will have this new policy in place.
This updated manual IAM role policy can be found within the Alert Logic console at various locations based on your subscription level:
Navigate to Configuration > Deployments > Edit on any Amazon Web Services deployment >
- For Cloud Defender, AWS Instructions
- For Cloud Insight and Cloud Insight Essentials, IAM Role Setup > Or Proceed with Manual Setup
- For SIEMless Threat Management, Setting up a Role > Manual IAM Setup
The policy can then be found under the 2. Create a Policy for... subheading.
Specific changes to the policy will also depend on whether you have Alert Logic offerings (i.e. Cloud Defender, Cloud Insight, Cloud Insight Essentials, etc.) or the SIEMless Threat Management™ product.
Existing Alert Logic Offering Customers
Full and minimal policies have been updated to require customers to provide more read permissions. The permission requirement matches the SIEMless Threat Management manual IAM role policy below. Additionally, updating your IAM role with this new policy is a requirement if you want to upgrade to the SIEMless Threat Management product. While you are not required to update your IAM role unless you want to upgrade, Alert Logic recommends that you do so.
SIEMless Threat Management Customers
Changes have been made to the new deployment Manual mode policy. This policy enables automatic CloudTrail installation. Automatic installation continues to be optional, but Alert Logic continues to need read permissions if you decide to configure CloudTrail manually.
Minimum policy changes include CloudTrail, SNS, and SQS read permissions that will allow Alert Logic to verify CloudTrail set up. Full policy changes include CloudTrail, SNS, SQS, and S3 read and write permissions to allow for automatic setup of CloudTrails.