Step1: In Saner, click on “Onboarding”
Step2: Select “AWS Role (Manual)”, as shown in the image below, and copy the “AWS External ID,” which is required for AWS account onboarding

AWS Remediation Policy Creation
Step3: Log in to your AWS account and ensure you are in the correct region, or switch to the required region
Step4: Navigate to “IAM” and click on “Policies” under “Access Management,” as shown in the image below

Step5: Click on “Create Policy” and select “JSON,” which will open the “Policy Editor,” as shown in the image below.

Step6: Click here to download the policy. Open the JSON file, copy its contents, and paste the policy into the “Policy Editor,” then click “Next”
Step7: Enter the “Policy Name” as “Saner-CNAPP-Remediation-Policy” and provide the description, as shown in the image below

Step8: Add a new tag if necessary and click on “Create Policy.” Once the policy is successfully created, copy the “Policy Name” for future use
AWS Saner CNAPP Role Creation
Step9: Navigate to “IAM” and click on “Roles” under “Access Management,” as shown in the image below

Step10: Click on “Create Role,” as shown in the image above
Step11: Select the “Custom trust policy” option, then copy the trust policy from the “Click here” link and paste it into the editor. In the pasted policy, replace the placeholder “SanerCloud-Pre-Generated-Random-External-ID” with the external ID copied from Saner (refer to Step 2), as shown in the image, and click “Next”

Step12: Search for and select the “ReadOnlyAccess” AWS managed policy, as shown in the image below

Step13: Search for and select the remediation policy “Saner-CNAPP-Remediation-Policy” that was created in the previous steps, as shown in the image below, and click “Next”

Step14: Enter the “Role Name” as “Saner-CNAPP-Access-Role” and provide an appropriate description, as shown in the image below

Step15: Review all the entered details, as shown in the image above, and click “Create Role” to create the role
Step16: After the role is successfully created, search for the newly created role, “Saner-CNAPP-Access-Role,” as shown in the image below

Step17: Click on the “Saner-CNAPP-Access-Role” and copy the role ARN, “arn:aws:iam::1234567890:role/Saner-CNAPP-Access-Role,” as shown in the image below

Step18: Go to the Saner CNAPP Onboarding page, paste the copied ARN into the “AWS Role ARN” field, and click the “Onboard” button to onboard the AWS account into Saner, as shown in the image below

Step19: The AWS Role Manual Onboarding is complete. Click on “Scan Settings,” configure the required provisions, and initiate the scan by clicking the “Scan” button in the “Actions” pane, as shown in the image below
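
The external ID substitution in Step 11 is the edit most easily missed, and a role saved with the placeholder still in place is not bound to your Saner account's external ID. The Python check below is an added example, not part of the Saner documentation: it inspects a role trust policy and reports a leftover placeholder, a missing external ID condition, or a wildcard principal. It assumes the trust policy uses a StringEquals condition on sts:ExternalId; the principal account and external ID in the sample are constructed values.

```python
import json

# Placeholder string named in Step 11; it must not survive in the saved trust policy.
PLACEHOLDER = "SanerCloud-Pre-Generated-Random-External-ID"

def _as_list(value):
    """IAM policy fields accept either a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, expected_external_id):
    """Return a list of findings; an empty list means the checks passed."""
    findings, assume_statements = [], 0
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        assume_statements += 1
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        if "*" in principals:
            findings.append("wildcard principal")
        # Condition key names are case-insensitive in IAM.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = _as_list({k.lower(): v for k, v in equals.items()}.get("sts:externalid"))
        if not ids:
            findings.append("no sts:ExternalId condition")
        elif PLACEHOLDER in ids:
            findings.append("placeholder external ID not replaced")
        elif ids != [expected_external_id]:
            findings.append("external ID differs from the Saner value")
    if assume_statements == 0:
        findings.append("no sts:AssumeRole Allow statement")
    return findings

def sample_policy(external_id):
    """Constructed trust policy; the principal account is a made-up value, not Saner's."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}}}]})

if __name__ == "__main__":
    saner_id = "EXAMPLE-EXTERNAL-ID-0000"  # constructed stand-in for the Step 2 value
    print(check_trust_policy(sample_policy(PLACEHOLDER), saner_id))
    print(check_trust_policy(sample_policy(saner_id), saner_id))
```

To run it against the role created above, pass the JSON returned by `aws iam get-role --role-name Saner-CNAPP-Access-Role --query Role.AssumeRolePolicyDocument` together with the external ID copied in Step 2.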
