Connecting AWS Monitoring
The following instructions will guide your team in setting up and configuring multiple AWS accounts for Dash compliance monitoring. Teams will have to provide permissions via Dash and CloudFormation to allow Dash to scan secondary AWS accounts.
What Will You Need?
AWS User With Administrator Permissions – (the CloudFormation template creates resources that require a higher permission set)
Existing Dash ComplyOps Platform in your AWS account
About 5 minutes of time
Instructions
Dash ComplyOps v3.0.0 has implemented a new process for monitoring AWS accounts.
Users installing a new version of Dash or clients updating to the v3.0.0 application must ensure that they reconnect all AWS account monitoring.
To connect one or more AWS accounts, take the following steps:
In Dash ComplyOps, navigate to Settings → Monitoring Settings
The page should look like this:
3. Click the ‘Connect AWS Account’ button under the AWS Accounts section. You will need to enter the following:
AWS Account Name - A name defined by your team to identify the account you are connecting to monitoring (this can be a name of your choice)
AWS Account ID - Enter the AWS Account ID for the AWS account you want to connect to Dash monitoring. You can find this by logging into the account and clicking on the top right user dropdown.
Once you have entered the AWS Account Name and AWS Account ID, click “Run CloudFormation”
4. You will be taken to AWS, where you will need to log in and grant Dash permission to scan this environment. In the new browser tab that just opened, please enter the password for the selected account.
5. After logging in, you will be redirected to the CloudFormation setup page. It is already preloaded with the correct CloudFormation template, using an S3 URL.
6. Click the ‘Next‘ button.
7. On the subsequent page, you will see the following parameters:
These parameters should be pre-filled and there is nothing to change on this screen.
Stack Name = dashscanrole
AWSAccountID = 452806217681
ExternalID = The External ID from the Dash Modal
On this page, you must select the checkbox - “I acknowledge that AWS CloudFormation might create IAM resources with custom names“
Now click “Create Stack“
9. The CloudFormation template is now under way. It may take a few minutes until the CloudFormation template completes successfully. You will then see the status CREATE_COMPLETE.
10. Now you can navigate back to the Dash Settings Page. Click the “Connect Account” button.
The Dash application should recognize that you have connected the new AWS account to monitoring.
11. You can click ‘Refresh AWS Environments’ to see updates to the connected accounts. After waiting a few seconds, you will see that the environment is now validated. This means that scans are being run on this environment.
Manually Download/Install CloudFormation Template
If you are unable to use the “Run CloudFormation” function and/or the instructions above, you can download and deploy the template manually using the following steps to connect an AWS account to Dash ComplyOps monitoring:
Download the IAM Role CloudFormation Template - Download CloudFormation Template
Log in to the AWS account you want to connect to AWS Monitoring
Navigate to AWS CloudFormation in the top search
Click the “Create Stack” button
Upload the CloudFormation template downloaded from step one
In another tab, navigate to the Dash ComplyOps application
Log in to Dash
Go to Settings > Monitoring Settings
Click the “Connect AWS Account” button
Copy the “ExternalID” in the modal to use as a stack parameter
Enter the following parameters into the CloudFormation stack parameters page:
Stack Name = dashscanrole (or name selected by you)
AWSAccountID = 452806217681
ExternalID = The External ID from the Dash Modal
Click “Create Stack”
The CloudFormation template is now under way. It may take a few minutes until the CloudFormation template completes successfully. You will then see the status CREATE_COMPLETE.
Now you can navigate back to the Dash Settings Page. Click the “Connect Account” button.
The Dash application should recognize that you have connected the new AWS account to monitoring.
You can click ‘Refresh AWS Environments’ to see updates to the connected accounts. After waiting a few seconds, you will see that the environment is now validated. This means that scans are being run on this environment.
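Once the stack shows CREATE_COMPLETE, the trust policy of the role it created can be checked against the two stack parameters. This is an added example, not part of the Dash documentation or its template: it assumes the template creates an IAM role that trusts the AWSAccountID above and requires the ExternalID, and the function names and sample policies are constructed for illustration.

```python
DASH_ACCOUNT_ID = "452806217681"  # AWSAccountID stack parameter from this page
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from a bare account ID or an IAM ARN principal."""
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def _external_ids(statement):
    """Values of sts:ExternalId under StringEquals (condition keys are case-insensitive)."""
    equals = statement.get("Condition", {}).get("StringEquals", {})
    for key, value in equals.items():
        if key.lower() == "sts:externalid":
            return _as_list(value)
    return None

def audit_trust_policy(policy, expected_external_id, trusted_account=DASH_ACCOUNT_ID):
    """Return findings for a role trust policy; an empty list means it is scoped as expected."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else ["*"]
        if not aws:
            findings.append(f"statement {i}: no AWS account principal")
        for p in aws:
            if _account_of(p) != trusted_account:
                findings.append(f"statement {i}: unexpected principal {p}")
        ids = _external_ids(stmt)
        if ids is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif ids != [expected_external_id]:
            findings.append(f"statement {i}: sts:ExternalId differs from the Dash modal value")
    return findings

# Constructed samples; "EXAMPLE-EXTERNAL-ID" is a placeholder, not a real Dash value.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::452806217681:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("too broad", TOO_BROAD)):
        print(name, audit_trust_policy(doc, "EXAMPLE-EXTERNAL-ID") or "OK")
```

To run it against a connected account, pass the `Role.AssumeRolePolicyDocument` object returned by `aws iam get-role` for the role the stack created, together with the ExternalID shown in the Dash modal.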