Skip to main content

Set up Tidal Control AWS integration

The Tidal Control integration is able to provide automatic evidence gathering within an Amazon Web Service (AWS) account. To facilitate this integration, a mutual connection between AWS and Tidal must be established. This requires configuring the appropriate permissions for the integration within the AWS account. Additionally, it is essential to create a reciprocal connection, ensuring AWS recognizes and authorizes the integration to access the account. Setting up the mutual connections requires us to create a policy which determines the permissions for the integration. This policy is then attached to a role which the integration can use to access the AWS account.

To set up the integration, we need the following information:

  • AWS Region
  • AWS Role ARN
  • Account ID
  • External ID (optional)

Of which the account ID and external ID are unique identifiers of the integration and are used to establish the mutual connection. Below, we will explain how to set up the policy and role in the AWS account.

Setting Up a Role in AWS Console

  1. Login to AWS Management Console Navigate to the AWS Management Console and sign in.

  2. Navigate to IAM In the AWS Management Console, navigate to the IAM (Identity and Access Management) service.

  3. Create a new Role Click on Roles in the left navigation pane, then click on Create role.

  4. Select AWS account Select AWS account, followed by Another AWS account. An input box appears where you can enter the Account ID of the integration. As noted on the page, we can use the External ID to establish a more secure mutual connection between the integration and the AWS account. By selecting this box, we can enter the External ID that is generated on the integration settings page. You can also create your own External ID, be sure to keep it safe and not use whitespace characters and special characters. This will need to be entered in the Tidal Control application. After this is done, click on Next.

  5. Set permissions On the "Add permissions policies" page, search for the SecurityAudit policy. Select it and click on Next

  6. (Optional) Add tags You can add tags to your role, this is optional and only serves a purpose if tags are widely used in your environment. Click on Next when you're done.

  7. Review and create the role Give your role a name, an optional description, and review the role's permissions. We suggest naming the Role Tidal Integration. Once everything looks good, click on Create role.

You have now created a role for the Tidal AWS integration in AWS. In the Roles overview page, you can see the newly created role from there you can find the details of the role, such as the Role ARN. In the summary page of the role, you can find the Role ARN, which is needed to set up the integration in Tidal Control. The only thing we need now is the AWS Region, which can be found in the AWS Management Console, in the top right corner, next to the account information. If it is marked as global, you can use aws-global as the region.

Now you should have the following information:

  • AWS Region
  • AWS Role ARN
  • External ID (Optional)