{"id":18374569,"url":"https://github.com/jupiterone/jupiterone-aws-cloudformation","last_synced_at":"2026-03-04T08:01:19.170Z","repository":{"id":40558333,"uuid":"138051266","full_name":"JupiterOne/jupiterone-aws-cloudformation","owner":"JupiterOne","description":"AWS CloudFormation that grants JupiterOne access to customer AWS accounts","archived":false,"fork":false,"pushed_at":"2026-02-16T23:55:16.000Z","size":331,"stargazers_count":5,"open_issues_count":1,"forks_count":7,"subscribers_count":17,"default_branch":"main","last_synced_at":"2026-02-17T05:45:38.147Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://jupiterone.com","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JupiterOne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-06-20T15:25:15.000Z","updated_at":"2026-02-16T23:52:15.000Z","dependencies_parsed_at":"2023-09-29T19:33:11.522Z","dependency_job_id":"372fbdf0-5d8c-459d-b90a-3944ea927976","html_url":"https://github.com/JupiterOne/jupiterone-aws-cloudformation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JupiterOne/jupiterone-aws-cloudformation","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fjupiterone-aws-cloudformation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fjupiterone-aws-cloudformation/tags","releases_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fjupiterone-aws-cloudformation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fjupiterone-aws-cloudformation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JupiterOne","download_url":"https://codeload.github.com/JupiterOne/jupiterone-aws-cloudformation/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fjupiterone-aws-cloudformation/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30075906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T05:31:57.858Z","status":"ssl_error","status_checked_at":"2026-03-04T05:31:38.462Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T00:15:12.228Z","updated_at":"2026-03-04T08:01:19.151Z","avatar_url":"https://github.com/JupiterOne.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# jupiterone-aws-cloudformation\n\nThis project provides instructions to configure the\n[JupiterOne](https://jupiterone.com/) AWS integration. 
JupiterOne assumes an IAM\nRole in the target account that has been granted permission to read information\nfrom AWS services supported by JupiterOne. Configuring the IAM Role can be\naccomplished using one of the following methods:\n\n1.  [![Launch JupiterOne IAM CloudFormation Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=JupiterOneIntegration\u0026templateURL=https%3A%2F%2Fs3.amazonaws.com%2Fjupiterone-prod-us-aws-cloudformation-templates%2Fcloudformation.json)\n2.  [Launch JupiterOne IAM CloudFormation Stack using the AWS CLI](#iam-cloudformation-with-aws-cli)\n3.  [Create a Role using the AWS Management Console](#manual-iam-role-creation-with-aws-management-console)\n\nJupiterOne is also capable of processing CloudTrail events. Sending them to\nJupiterOne's AWS account requires an EventBridge event rule, which can be\nconfigured using one of the following methods:\n\n1.  [![Launch JupiterOne EventBridge CloudFormation Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=jupiterone-integration-events\u0026templateURL=https%3A%2F%2Fs3.amazonaws.com%2Fjupiterone-prod-us-aws-cloudformation-templates%2Fevents-cloudformation.json)\n2.  [Launch JupiterOne EventBridge CloudFormation Stack using the AWS CLI](#events-cloudformation-with-aws-cli)\n3.  
[Create an EventBridge Rule using the AWS Management Console](#manual-eventbridge-rule-creation-with-aws-management-console)\n\n## IAM\n\n### Supported Services\n\nJupiterOne currently supports the following services:\n\n- AccessAnalyzer\n- ACM\n- API Gateway\n  - API Gateway v1\n  - API Gateway v2\n- Autoscaling\n- Backup\n- Batch\n- CloudFormation\n- CloudFront\n- CloudHSM\n- CloudTrail\n- CloudWatch\n  - CloudWatch Alarms\n  - CloudWatch Events\n  - CloudWatch Logs\n- CodeBuild\n- CodeCommit\n- CodePipeline\n- Config\n- DirectConnect\n- DynamoDB\n- EC2\n- ECR\n- ECS\n- EFS\n- EKS\n- ElastiCache\n- ELB\n- EMR\n- ES\n- Firehose\n- Firewall Manager\n- Global Accelerator\n- Glue\n- GuardDuty\n- IAM (including IAM Policy analysis)\n- Inspector\n- Inspector2\n- Kinesis\n- KMS\n- Lambda\n- Lex v2\n- Macie 2\n- Network Firewall\n- Organizations\n- RDS\n- Redshift\n  - Redshift Serverless\n- Route53\n  - Route53 Domains\n- S3 (including Bucket Policy analysis)\n  - S3 Glacier\n- Secrets Manager\n- SES\n- Shield\n- SNS\n- SQS\n- SSM\n- Transfer\n- VPC (including VPC Peering)\n- WAF\n- WAF v2\n- Workspaces\n\nFor detailed and specific permissions, see **\"Specific Permissions Policy\"**\nsection below.\n\n### IAM Role Permissions\n\nThe [SecurityAudit][1] AWS-managed IAM policy covers many permissions used by\nJupiterOne and simplifies administration as support for more services is added.\nHowever, there are [additional permissions](#additional-permissions), not\ncovered by `SecurityAudit`, necessary to allow JupiterOne to ingest more\ninformation, enabling the platform to provide even more value.\n\nEach of the configuration methods recommends and assumes the use of the\n`SecurityAudit` managed policy, though you may decide to build out a single\npolicy based on the information provided here.\n\nIn case you don't mind the maintenance work and would prefer to update a\nhand-crafted policy, an exact policy that includes\n[specific permissions](#specific-permissions-policy) 
is also provided.\n\n#### Additional Permissions\n\n[Link to Additional Permissions Policy](cloudformation/iam-cloudformation/managed-policy.md)\n\n[![Launch JupiterOne IAM CloudFormation Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=JupiterOneIntegration\u0026templateURL=https%3A%2F%2Fs3.amazonaws.com%2Fjupiterone-prod-us-aws-cloudformation-templates%2Fcloudformation.json)\n\n#### Specific Permissions Policy\n\nThis policy may be used to provide only exactly the specific permissions\ncurrently used by JupiterOne. Using this policy will most certainly require you\nto update the policy in the future as more APIs are called by JupiterOne.\n\nNOTE: By default, AWS enforces a policy size limit of 6,144 non-whitespace characters. The policy below has been split into multiple statements to\nstay under the 6,144 non-whitespace character limit. If you have requested a quota increase from AWS, you may be able to consolidate these policies.\n\n[Link to Specific Permissions Policy](cloudformation/iam-cloudformation-detailed/managed-policy.md)\n\n[![Launch JupiterOne IAM CloudFormation Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=JupiterOneIntegration\u0026templateURL=https%3A%2F%2Fs3.amazonaws.com%2Fjupiterone-prod-us-aws-cloudformation-templates%2Fcloudformation-detailed.json)\n\n### IAM CloudFormation with AWS CLI\n\n```bash\naws cloudformation create-stack --stack-name JupiterOneIntegration --capabilities CAPABILITY_NAMED_IAM --template-url https://s3.amazonaws.com/jupiterone-prod-us-aws-cloudformation-templates/cloudformation.json\n```\n\n### Manual IAM Role Creation with AWS Management Console\n\nFrom your AWS Management Console, perform the following steps:\n\n1.  
Go to **IAM** \u003e **Roles** and click **Create Role**.\n\n2.  Select **Another AWS account** under **Select type of trusted entity**.\n\n3.  Enter the following **Account ID**: `\u003cjupiterone_account_id\u003e`\n\n4.  Select **Require external ID** and enter the following **External ID**:\n    `\u003cjupiterone_external_id\u003e`\n\n5.  Leave **Require MFA** unchecked and click **Next: Permissions**.\n\n6.  Click **Create Policy**, select the **JSON** tab, and enter the document content found here: [Link to Additional Permissions Policy](cloudformation/iam-cloudformation/managed-policy.md)\n\n7.  Click **Review Policy** and verify the permissions.\n\n8.  Enter `JupiterOneSecurityAudit` as the **Name** and click **Create Policy**.\n\n9.  Return to the **Create Role** tab in your browser. Click the Policy table's\n    **Refresh Icon**.\n\n10. In the Policy search box, search for `SecurityAudit`. Select both\n    `SecurityAudit` and `JupiterOneSecurityAudit` policies. [SecurityAudit][1]\n    is an AWS-managed IAM policy.\n\n11. With both policies selected, click **Next: Review**.\n\n12. Enter `JupiterOne` as the **Role Name**, and optionally, enter a description\n    for the Role.\n\n13. Click **Create Role**.\n\n14. In the list of Roles, search for and select the newly created `JupiterOne`\n    role, and copy the **Role ARN**. 
It should be in a format that looks like\n    `arn:aws:iam::\u003cyour_aws_account_id\u003e:role/JupiterOne`.\n\n## Events\n\n### Supported Events\n\nJupiterOne currently supports the following events:\n\n### S3\n\n| Event Name                      | Modified Entities `_type` | Modified Relationships `_type`             |\n| ------------------------------- | ------------------------- | ------------------------------------------ |\n| CreateBucket                    | `aws_s3_bucket`           |                                            |\n| PutBucketAcl                    | `aws_s3_bucket`           | `aws_s3_bucket_grant`                      |\n| PutBucketEncryption             | `aws_s3_bucket`           |                                            |\n| DeleteBucketEncryption          | `aws_s3_bucket`           |                                            |\n| PutBucketInventoryConfiguration | `aws_s3_bucket`           | `aws_s3_bucket_publishes_inventory_report` |\n| PutBucketLifecycle              | `aws_s3_bucket`           |                                            |\n| PutBucketLogging                | `aws_s3_bucket`           |                                            |\n| PutBucketPolicy                 | `aws_s3_bucket_policy`    | `aws_s3_bucket_has_policy`                 |\n| PutBucketReplication            | `aws_s3_bucket`           |                                            |\n| PutBucketTagging                | `aws_s3_bucket`           |                                            |\n| PutBucketVersioning             | `aws_s3_bucket`           |                                            |\n| PutObjectLockConfiguration      | `aws_s3_bucket`           |                                            |\n| PutPublicAccessBlock            | `aws_s3_bucket`           |                                            |\n\n### IAM\n\n| Event Name      | Modified Entities `_type` | Modified Relationships `_type` |\n| --------------- | 
------------------------- | ------------------------------ |\n| CreateAccessKey | `aws_iam_access_key`      |                                |\n| CreateGroup     | `aws_iam_group`           |                                |\n| CreatePolicy    | `aws_iam_policy`          |                                |\n| CreateRole      | `aws_iam_role`            |                                |\n| CreateUser      | `aws_iam_user`            |                                |\n\n### EC2\n\n| Event Name                    | Modified Entities `_type` | Modified Relationships `_type`                                                                                                                                                                             |\n| ----------------------------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| RunInstances                  | `aws_instance`            | `aws_ec2_has_aws_instance` `aws_instance_uses_ami` `aws_instance_uses_key_pair` `aws_instance_uses_eni` `aws_resource_has_security_group` `aws_security_group_protects_resource` `aws_subnet_has_instance` |\n| StartInstances                | `aws_instance`            |                                                                                                                                                                                                            |\n| StopInstances                 | `aws_instance`            |                                                                                                                                                                                                            |\n| TerminateInstances            | `aws_instance`            |                                                                                                                  
                                                                                          |\n| ModifyInstanceAttribute       | `aws_instance`            | `aws_resource_has_security_group` `aws_security_group_protects_resource`                                                                                                                                   |\n| CreateFleet                   | `aws_instance`            | `aws_ec2_has_aws_instance` `aws_instance_uses_ami` `aws_instance_uses_key_pair` `aws_instance_uses_eni` `aws_resource_has_security_group` `aws_security_group_protects_resource` `aws_subnet_has_instance` |\n| CreateSecurityGroup           | `aws_security_group`      | `aws_ec2_has_aws_security_group`                                                                                                                                                                           |\n| DeleteSecurityGroup           | `aws_security_group`      |                                                                                                                                                                                                            |\n| AuthorizeSecurityGroupIngress |                           | `aws_security_group_rule`                                                                                                                                                                                  |\n| RevokeSecurityGroupIngress    |                           | `aws_security_group_rule`                                                                                                                                                                                  |\n| AuthorizeSecurityGroupEgress  |                           | `aws_security_group_rule`                                                                                                                                                                                  |\n| RevokeSecurityGroupEgress    
 |                           | `aws_security_group_rule`                                                                                                                                                                                  |\n| CreateImage                   | `aws_ami`                 | `aws_ami_contains_snapshot`                                                                                                                                                                                |\n| RegisterImage                 | `aws_ami`                 | `aws_ami_contains_snapshot`                                                                                                                                                                                |\n| ModifyImageAttribute          | `aws_ami`                 |                                                                                                                                                                                                            |\n| DeregisterImage               | `aws_ami`                 |                                                                                                                                                                                                            |\n| CreateSnapshot                | `aws_ebs_snapshot`        | `aws_ebs_volume_snapshot`                                                                                                                                                                                  |\n| CreateSnapshots               | `aws_ebs_snapshot`        | `aws_ebs_volume_snapshot`                                                                                                                                                                                  |\n| ModifySnapshotAttribute       | `aws_ebs_snapshot`        |                                                                                              
                                                                                                              |\n| DeleteSnapshot                | `aws_ebs_snapshot`        |                                                                                                                                                                                                            |\n\n### Elastic Load Balancing (ELB)\n\n| Event Name         | Modified Entities `_type`     | Modified Relationships `_type`                                                                                                                                                                                            |\n| ------------------ | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| CreateLoadBalancer | `aws_alb` `aws_elb` `aws_nlb` | `aws_elasticloadbalancing_has_aws_alb` `aws_elasticloadbalancing_has_aws_elb` `aws_elasticloadbalancing_has_aws_nlb` `aws_vpc_has_load_balancer` `aws_resource_has_security_group` `aws_security_group_protects_resource` |\n| CreateListener     | `aws_lb_listener`             | `aws_load_balancer_has_listener` `aws_lb_listener_uses_acm_certificate` `aws_lb_listener_uses_iam_server_certificate`                                                                                                     |\n| CreateTargetGroup  | `aws_lb_target_group`         | `aws_load_balancer_connects_target_group`                                                                                                                                                                                 |\n| CreateRule         | `aws_lb_listener_rule`        | `aws_lb_listener_has_rule`                                                                                                                        
                                                                        |\n| SetSecurityGroups  |                               | `aws_resource_has_security_group` `aws_security_group_protects_resource`                                                                                                                                                  |\n| RegisterTargets    |                               | `aws_load_balancer_connects_target_group`                                                                                                                                                                                 |\n\n### AutoScaling\n\n| Event Name             | Modified Entities `_type` | Modified Relationships `_type`                                                                                                                                                                               |\n| ---------------------- | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |\n| CreateAutoScalingGroup | `aws_autoscaling_group`   | `aws_autoscaling_has_aws_autoscaling_group` `aws_autoscaling_group_uses_launch_template` `aws_autoscaling_group_has_instance` `aws_autoscaling_group_uses_launch_config` `aws_autoscaling_group_uses_policy` |\n| UpdateAutoScalingGroup | `aws_autoscaling_group`   |                                                                                                                                                                                                              |\n| DeleteAutoScalingGroup | `aws_autoscaling_group`   |                                                                                                                                                                                                              |\n\n### RDS\n\n| Event Name            
  | Modified Entities `_type` | Modified Relationships                                                                                                                                                                                                                                                                              |\n| ----------------------- | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| CreateDBInstance        | `aws_db_instance`         | `aws_rds_has_aws_db_instance` `aws_rds_cluster_contains_instance` `aws_rds_parameter_group_in_use` `aws_security_group_protects_resource` `aws_resource_has_security_group` `aws_resource_uses_kms_key` `aws_vpc_has_db_instance` `aws_db_instance_uses_secret` `aws_db_instance_uses_option_group` |\n| ModifyDBInstance        | `aws_db_instance`         | `aws_rds_has_aws_db_instance` `aws_rds_cluster_contains_instance` `aws_rds_parameter_group_in_use` `aws_security_group_protects_resource` `aws_resource_has_security_group` `aws_resource_uses_kms_key` `aws_vpc_has_db_instance` `aws_db_instance_uses_secret` `aws_db_instance_uses_option_group` |\n| StartDBInstance         | `aws_db_instance`         |                                                                                                                                                                                                                                                                                                     |\n| StopDBInstance          | `aws_db_instance`         |                                                                                                                                                                                                                      
                                                                               |\n| DeleteDBInstance        | `aws_db_instance`         |                                                                                                                                                                                                                                                                                                     |\n| CreateDBCluster         | `aws_rds_cluster`         | `aws_rds_has_aws_rds_cluster` `aws_rds_parameter_group_in_use` `aws_security_group_protects_resource` `aws_resource_has_security_group` `aws_resource_uses_kms_key`                                                                                                                                 |\n| ModifyDBCluster         | `aws_rds_cluster`         | `aws_rds_has_aws_rds_cluster` `aws_rds_parameter_group_in_use` `aws_security_group_protects_resource` `aws_resource_has_security_group` `aws_resource_uses_kms_key`                                                                                                                                 |\n| StartDBCluster          | `aws_rds_cluster`         |                                                                                                                                                                                                                                                                                                     |\n| StopDBCluster           | `aws_rds_cluster`         |                                                                                                                                                                                                                                                                                                     |\n| DeleteDBCluster         | `aws_rds_cluster`         |                                                                                                            
                                                                                                                                                                                         |\n| CreateDBSnapshot        | `aws_db_snapshot`         | `aws_db_instance_has_snapshot` `aws_db_snapshot_uses_kms_key`                                                                                                                                                                                                                                       |\n| DeleteDBSnapshot        | `aws_db_snapshot`         |                                                                                                                                                                                                                                                                                                     |\n| CreateDBClusterSnapshot | `aws_db_cluster_snapshot` | `aws_db_cluster_has_snapshot` `aws_db_cluster_snapshot_uses_kms_key`                                                                                                                                                                                                                                |\n| DeleteDBClusterSnapshot | `aws_db_cluster_snapshot` |                                                                                                                                                                                                                                                                                                     |\n\n### Redshift\n\n| Event Name    | Modified Entities `_type` | Modified Relationships `_type`                                                                                                                                                                                          |\n| ------------- | ------------------------- | 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| CreateCluster | `aws_redshift_cluster`    | `aws_redshift_has_aws_redshift_cluster` `aws_redshift_cluster_uses_parameter_group` `aws_security_group_protects_resource` `aws_resource_has_security_group` `aws_resource_uses_kms_key` `aws_vpc_has_redshift_cluster` |\n| ModifyCluster | `aws_redshift_cluster`    | `aws_redshift_has_aws_redshift_cluster` `aws_redshift_cluster_uses_parameter_group` `aws_security_group_protects_resource` `aws_resource_has_security_group` `aws_resource_uses_kms_key` `aws_vpc_has_redshift_cluster` |\n| DeleteCluster | `aws_redshift_cluster`    |                                                                                                                                                                                                                         |\n\n### Events CloudFormation with AWS CLI\n\n```bash\naws cloudformation create-stack --stack-name JupiterOneIntegrationEvents --template-url https://s3.amazonaws.com/jupiterone-prod-us-aws-cloudformation-templates/events-cloudformation.json\n```\n\n### Events CloudFormation with AWS Management Console\n\n[![Launch JupiterOne EventBridge CloudFormation Stack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?stackName=jupiterone-integration-events\u0026templateURL=https%3A%2F%2Fs3.amazonaws.com%2Fjupiterone-prod-us-aws-cloudformation-templates%2Fevents-cloudformation.json)\n\n### Manual EventBridge Rule Creation with AWS Management Console\n\nFrom your AWS Management Console, perform the following steps:\n\n1.  Go to **Amazon EventBridge** \u003e **Rules** and, with the default event bus\n    selected, click **Create rule**.\n\n1.  
Enter the following values:\n\n    - Name: `jupiterone-cloudtrail-events`\n    - Description: `Send CloudTrail Events to JupiterOne`\n\n1.  In the **Define pattern** section, select **Event pattern** and then\n    **Custom pattern**. Copy the\n    `Resources.JupiterOneCloudTrailEventsRule.Properties.EventPattern` object\n    from `cloudformation/events/cloudformation-template.json` ([Link to EventBridge CloudFormation](cloudformation/events/cloudformation-template.json)) into the text field. It should look something like this:\n\n    ```json\n    {\n      \"source\": [\"aws.s3\", \"aws.iam\", \"aws.ec2\", \"...more sources...\"],\n      \"detail-type\": [\"AWS API Call via CloudTrail\"],\n      \"detail\": {\n        \"eventSource\": [\n          \"s3.amazonaws.com\",\n          \"iam.amazonaws.com\",\n          \"ec2.amazonaws.com\",\n          \"...more sources...\"\n        ],\n        \"eventName\": [\"...event names here...\"]\n      }\n    }\n    ```\n\n1.  In the **Select targets** section, select **Event bus in another AWS\n    account**. 
For the **Event Bus** field, enter\n    `arn:aws:events:us-east-1:612791702201:event-bus/jupiter-integration-aws`.\n    For the role, select **Create a new role for this specific resource**.\n\n    The role should have been created with a policy which looks like:\n\n    ```json\n    {\n      \"Version\": \"2012-10-17\",\n      \"Statement\": [\n        {\n          \"Effect\": \"Allow\",\n          \"Action\": [\"events:PutEvents\"],\n          \"Resource\": [\n            \"arn:aws:events:\u003cTARGET AWS REGION\u003e:\u003cJUPITERONE ACCOUNT ID\u003e:event-bus/jupiter-integration-aws\"\n          ]\n        }\n      ]\n    }\n    ```\n\n    and a trust relationship which looks like:\n\n    ```json\n    {\n      \"Version\": \"2012-10-17\",\n      \"Statement\": [\n        {\n          \"Effect\": \"Allow\",\n          \"Principal\": {\n            \"Service\": \"events.amazonaws.com\"\n          },\n          \"Action\": \"sts:AssumeRole\"\n        }\n      ]\n    }\n    ```\n\n1.  Click **Create**.\n\n[1]: https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/SecurityAudit\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fjupiterone-aws-cloudformation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjupiterone%2Fjupiterone-aws-cloudformation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fjupiterone-aws-cloudformation/lists"}