AWS Virtual Private Cloud (VPC) Out-of-the-Box Response Integration

This article describes the required procedure to integrate AWS VPC with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • AWS account with the appropriate permissions to manage Network ACLs
  • An Active Lumu Defender subscription or a Lumu MSP account

Preliminary Checklist

To set up the integration and allow it to communicate with AWS VPC, you will need the following:
  • A Network ACL.
  • An IAM Custom Policy with the following permissions:
    • DescribeNetworkAcls
    • CreateNetworkAclEntry
    • DeleteNetworkAclEntry
  • A User attached to the previously described IAM Custom Policy.
  • AWS Access Keys
    • Access Key ID
    • Secret Access Key
  • The AWS Region identifier for your AWS URL.
In the following section, you will learn how to obtain all of these requirements.

Integration Setup - AWS VPC

Create a Network ACL

Network Access Control Lists (NACLs) must exist before the integration is set up, because the integration pushes its rules into an existing NACL. The following steps describe how to create one. For more information on Network ACLs, visit the AWS documentation.
1. Access the VPC Dashboard and, in the left navigation pane under the Security section, click on Network ACLs. In the corresponding panel, click on the orange Create Network ACLs button.

2. In the creation form that opens next, do the following:
a. Enter a meaningful and descriptive Name(1) for your Network ACL.
b. From the VPC(2) dropdown menu, select the Virtual Private Cloud (VPC) where this Network ACL will operate. The list will show all VPCs in your current region.
c. Optionally, you can add key-value pairs under the Tags(3) section to help organize and manage your AWS resources.
d. After reviewing the entered information, click on the Create network ACL(4) button to generate your new Network ACL.
3. On the final screen, a confirmation of creation message will appear, as well as your newly created network ACL:

Create IAM Custom Policy

1. First, navigate to the IAM (Identity and Access Management) service within your AWS Management Console. You can quickly access this service using the global search bar at the top of the console.

2. Navigate to the Policies section in the left navigation panel of the IAM dashboard.

3. Select Create policy from the top right corner to begin the policy configuration process.

4. In the policy creation interface, you have the option to use either the Visual editor or JSON editor. For this guide, we'll utilize the Visual editor for its intuitive interface. Begin by selecting Choose a service and search for EC2.

5. In the permissions search bar, enter each of the following permissions and select their respective checkboxes to enable them:
  • DescribeNetworkAcls
  • CreateNetworkAclEntry
  • DeleteNetworkAclEntry

Notes
Ensure that the Effect setting is configured to Allow for these permissions.
6. Once all permissions have been selected, verify that the Action Allowed section matches the expected configuration when collapsed. After confirmation, click Next to proceed to the following step.

7. After configuring the permissions, proceed to the Policy details section. Here, assign a descriptive Policy Name(1) that clearly identifies the policy's purpose. Optionally, you may also include a Description(2) and Tags(3) for better resource organization and management. The policy summary will display EC2 as the only service affected by these permissions.
Notes
For additional information about AWS tagging best practices, refer to the AWS documentation.
After reviewing your policy summary, click on Create Policy.
8. Finally, a confirmation message will appear, indicating successful policy creation.
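The same three EC2 permissions expressed as the JSON policy document the JSON editor would accept, plus a small audit function that checks an existing policy grants exactly those actions and nothing broader. This is an added example, not Lumu's own file; the JSON shape is the standard IAM policy format, and the audit logic is an assumption about how you might review the integration user's permissions.

```python
import json

# The three EC2 actions the article has you grant in the visual editor.
REQUIRED_ACTIONS = {
    "ec2:DescribeNetworkAcls",
    "ec2:CreateNetworkAclEntry",
    "ec2:DeleteNetworkAclEntry",
}

# Equivalent JSON document for the IAM JSON editor (constructed here).
INTEGRATION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": sorted(REQUIRED_ACTIONS),
        "Resource": "*",
    }],
}


def audit_policy(policy):
    """Return (ok, findings) for a policy given as a dict or JSON string.

    ok is True only when the Allow statements cover exactly the required
    actions, with no wildcard (e.g. 'ec2:*') and no unrelated action.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):          # a single statement is allowed
        statements = [statements]
    allowed, findings, wildcard = set(), [], False
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            if action.endswith("*"):
                wildcard = True
                findings.append(f"wildcard action is broader than needed: {action}")
            else:
                allowed.add(action)
    missing = REQUIRED_ACTIONS - allowed
    if missing and not wildcard:
        findings.append("missing required actions: " + ", ".join(sorted(missing)))
    extra = allowed - REQUIRED_ACTIONS
    if extra:
        findings.append("actions beyond the integration's needs: " + ", ".join(sorted(extra)))
    return not findings, findings
```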

Attach Created IAM Policy to User

Notes
Lumu strongly recommends that the integration is handled by an exclusive user created for it. To learn how to create a new User in AWS, please refer to their documentation.
1. Navigate to the Users section in the left navigation panel of the IAM dashboard. Locate and select the user account to which you wish to assign the policy.

2. In the user's configuration window, locate the Permissions Policies tab. Select Add permission > Add permissions to begin the policy attachment process.

3. In the Add Permissions interface, you'll find several Permission options. Select Attach policies directly as your chosen method. Utilize the search bar to locate your newly created policy by name. Once found, enable it by selecting the corresponding checkbox, then proceed by clicking Next.

4. A review screen will present a summary of the selected permissions. Carefully verify the details, then select Add permissions to implement the changes.

5. Once successfully completed, the system will display a confirmation message indicating that the policy has been successfully attached to the user.

Creating AWS Access Keys

1. Navigate to the IAM service in your AWS Management Console and select Users from the left navigation panel. Click on the username for which you want to create access keys.

2. Go to the Security credentials tab, locate the Access keys section and select Create access key.

3. On the Access key best practices & alternatives page, select Local code. This option fits applications running outside AWS. Acknowledge the recommendations by checking the confirmation box. Once finished, click Next.


4. Optionally, you may add a description tag to help identify the purpose of these access keys. This is recommended for better key management, especially in environments with multiple access keys. Whether you added a tag or not, click on Create access key to continue the process.

5. On the final screen, a confirmation of creation message will appear, as well as your newly created credentials. Copy the following:
  • Access key ID
  • Secret access key

To exit this window, click on Done.
Notes
This is the only time you'll be able to view the complete secret access key. Make sure to download the .csv file containing your credentials or copy and store the credentials securely. If you lose the secret access key, you will need to repeat the entire process.

Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the AWS VPC integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the AWS VPC integration.


3. Familiarize yourself with the integration details and click the button Activate to start setting up the integration.

4. Provide a meaningful Name. Under Threat Types, choose the specific threat mappings you want to push to AWS VPC. When done, click on the orange Next button.
Notes
Please note that you cannot modify the information on this screen. Exercise caution when selecting Threat Types, as changes cannot be made later.

5. Fill in the required information: the Access Key(1) and Secret Access Key(2) obtained in Step 5 of the Creating AWS Access Keys section, and the Region(3). Finally, click on the Next button. Lumu will validate that the credentials provided are correct.
Notes
You can find the AWS region in your browser's address bar. The part between https:// and .console.aws.amazon.com is your region identifier (for example, in https://us-east-1.console.aws.amazon.com, the region is us-east-1).

6. In the next step, select the Network ACL where you want indicators to be pushed. This is the same one you configured in the Create a Network ACL section. Once selected, click on the Activate button.

7. The integration is now created and active. The Lumu Portal will display the details of the created integration.

Final Steps - Validate the Integration

Once the integration is active, you can monitor the automated Network ACL updates in your AWS VPC. Navigate to VPC > Security > Network ACLs in your AWS Console. Under the Outbound rules tab of your selected Network ACL, you'll find updated rules with confirmed compromises found by Lumu within the preceding 3 days.

Network ACLs Rule Quota Management in AWS

AWS enforces a default quota of 20 rules for both inbound and outbound traffic in Network ACLs. To stay within this limit, the integration deploys up to 19 rules, leaving room for the mandatory default rule that AWS creates in each Network ACL. You can learn more about this rule in AWS' documentation.
AWS allows this quota to be raised to a maximum of 40 rules per Network ACL; such an adjustment requires coordination with our support team so that the integration can be modified accordingly.
If you require an increased rule quota, please follow these steps:
1. Submit a quota increase request through the AWS Support Center
2. Upon approval from AWS, contact our support team to adjust the integration settings
Here are the steps on how you can request this increase to AWS:
1. Go to Service Quotas > AWS Services > Amazon Virtual Private Cloud (Amazon VPC) > Rules per network ACL and click on Request increase at account level

2. In the window that appears, enter in the Increase quota value textbox the number you want to increase to and click on Request.

3. After completion, AWS will show a confirmation message of the request made.

For detailed information about default Network ACL configurations and quota management, please refer to the AWS documentation.
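To check the validation step and the quota rules above without clicking through the console, the following added example (not Lumu's code) walks a Network ACL in the shape returned by the EC2 DescribeNetworkAcls API and reports, per direction, how many rules are in use and how many slots remain under the 19-rule (or 39-rule, after a quota increase) limit the integration can fill. The sample ACL is constructed; rule number 32767 is the immutable default rule that the console shows as "*".

```python
# Rule number AWS assigns to the mandatory default rule (shown as '*').
DEFAULT_RULE_NUMBER = 32767

# Constructed sample shaped like one entry of DescribeNetworkAcls; not real data.
SAMPLE_ACL = {
    "NetworkAclId": "acl-0example",
    "Entries": [
        {"RuleNumber": 100, "Egress": True, "RuleAction": "deny",
         "Protocol": "-1", "CidrBlock": "203.0.113.10/32"},
        {"RuleNumber": 101, "Egress": True, "RuleAction": "deny",
         "Protocol": "-1", "CidrBlock": "198.51.100.7/32"},
        {"RuleNumber": DEFAULT_RULE_NUMBER, "Egress": True, "RuleAction": "deny",
         "Protocol": "-1", "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": DEFAULT_RULE_NUMBER, "Egress": False, "RuleAction": "deny",
         "Protocol": "-1", "CidrBlock": "0.0.0.0/0"},
    ],
}


def rule_capacity(acl, quota=20):
    """Per direction: non-default rules in use, the cap the integration may
    fill (quota minus the default rule), and the free slots left."""
    report = {}
    for direction, egress in (("outbound", True), ("inbound", False)):
        used = sum(1 for e in acl["Entries"]
                   if e["Egress"] == egress and e["RuleNumber"] != DEFAULT_RULE_NUMBER)
        cap = quota - 1
        report[direction] = {"used": used, "cap": cap, "free": cap - used}
    return report


def outbound_rules(acl):
    """Non-default outbound entries, sorted by rule number; these are the
    rules you would compare against the Outbound rules tab in the console."""
    rules = [e for e in acl["Entries"]
             if e["Egress"] and e["RuleNumber"] != DEFAULT_RULE_NUMBER]
    return sorted(rules, key=lambda e: e["RuleNumber"])


if __name__ == "__main__":
    for direction, stats in rule_capacity(SAMPLE_ACL).items():
        print(f"{direction}: {stats['used']} used, {stats['free']} of {stats['cap']} free")
    for rule in outbound_rules(SAMPLE_ACL):
        print(rule["RuleNumber"], rule["RuleAction"], rule["CidrBlock"])
```

With boto3, the same functions accept each element of `ec2.describe_network_acls()["NetworkAcls"]` directly, so you can run the check against the NACL selected in step 6.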
