JupiterOne + AWS Integration

Navigate SecOps complexity by connecting Users, Endpoints and Devices with specific Amazon Web Services using JupiterOne’s AWS Integration.

Overview of the AWS Integration

JupiterOne provides a managed integration with Amazon Web Services. The integration connects directly to AWS APIs to obtain infrastructure metadata and analyze resource relationships. Customers authorize read-only, security-audit access by establishing an IAM trust relationship that allows JupiterOne to assume a role in their account.
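The trust relationship described above is the part of the setup a customer actually controls, so it is worth checking that it is as narrow as possible. The following added example (not JupiterOne's code, and not taken from its setup instructions) builds the trust policy for a read-only audit role and then runs a few sanity checks over it: the principal is a single named account rather than a wildcard, the statement carries an `sts:ExternalId` condition, and the action is limited to `sts:AssumeRole`. The account ID and external ID are placeholders; the real values come from the integration's setup flow. `SecurityAudit` is the real AWS managed policy normally attached to such a role.

```python
"""Added example (not JupiterOne's code): build and sanity-check the IAM
trust policy that lets an external auditing account assume a read-only role.

Assumptions (labelled): the auditing party's AWS account ID and the
external ID are placeholders; real values come from the vendor's setup
instructions."""
import json

# Constructed placeholders: replace with the values provided at setup time.
AUDITOR_ACCOUNT_ID = "111111111111"                   # placeholder account ID
EXTERNAL_ID = "replace-with-external-id-from-setup"   # placeholder external ID

# AWS managed policy that grants read-only access for security auditing.
SECURITY_AUDIT_POLICY_ARN = "arn:aws:iam::aws:policy/SecurityAudit"


def build_trust_policy(auditor_account_id: str, external_id: str) -> dict:
    """Return a trust policy that allows only the auditor account to assume
    the role, and only when it presents the agreed external ID (which
    mitigates the confused-deputy problem for cross-account roles)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{auditor_account_id}:root"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def trust_policy_findings(policy: dict) -> list:
    """Flag common weaknesses in a cross-account trust policy.

    Returns a list of finding strings; an empty list means no issue found.
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(a.lower().startswith("sts:assumerole") or a in ("sts:*", "*")
                   for a in actions):
            continue
        principal = stmt.get("Principal")
        # A wildcard principal lets any AWS account assume the role.
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("trust policy allows any principal ('*') to assume the role")
        # Without an external ID, a role trusted to a third party can be
        # assumed on behalf of the wrong customer of that third party
        # (the confused-deputy problem).
        cond = stmt.get("Condition", {})
        has_external_id = any("sts:ExternalId" in v
                              for v in cond.values() if isinstance(v, dict))
        if not has_external_id:
            findings.append("statement lacks an sts:ExternalId condition")
        # Wildcard actions are never needed for an assume-role trust.
        if any(a in ("sts:*", "*") for a in actions):
            findings.append("statement grants wildcard actions instead of sts:AssumeRole")
    return findings


if __name__ == "__main__":
    policy = build_trust_policy(AUDITOR_ACCOUNT_ID, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print("findings:", trust_policy_findings(policy) or "none")
    # The role itself should carry only the read-only managed policy, e.g.
    #   aws iam attach-role-policy --role-name <role> --policy-arn <SECURITY_AUDIT_POLICY_ARN>
```

The checks are deliberately conservative: they only inspect `Allow` statements that grant an assume-role action, so a deny statement or an unrelated permission is not reported. Run it against the trust policy you are about to apply, and keep the permission side of the role to `SecurityAudit` (or a narrower customer-managed read-only policy) rather than anything with write access.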

Information is ingested from all AWS regions that do not require additional contractual arrangements with AWS. Please submit a JupiterOne support request if you need to monitor additional regions.

Robust AWS Integration

JupiterOne integrates with 40 (and growing) AWS services to provide unparalleled security and compliance visibility in a single location. It is easy to view and analyze the relationships between users, services and critical resources to quickly spot gaps, risks and vulnerabilities across your cloud environment.

This expansive list of integrations provides greater visibility and understanding of your environment.

A Searchable Graph

After ingesting and maintaining resources from your AWS services, JupiterOne maps the resources onto a searchable graph. This graph highlights the complex relationships between resources, users and services, while the JupiterOne query language lets users ask questions or run simple text searches to find details about a specific asset.

These searches can be performed two ways: using DevOps/engineering language or using compliance/security language. This makes JupiterOne a centralized resource for various teams, providing a single source of truth.

AWS Integrated Services

  • Account and Organizations
  • AWS Certificate Manager
  • API Gateway
  • Amazon Batch
  • AWS CloudFormation
  • Amazon CloudFront
  • Amazon CloudWatch
  • Amazon CloudWatch Logs
  • AWS Config
  • Amazon DynamoDB
  • Amazon EC2
  • Amazon EC2 AutoScaling
  • Amazon Elastic Container Registry (ECR)
  • Amazon Elastic Container Service (ECS)
  • Amazon Elastic File System (EFS)
  • Amazon Elastic Kubernetes Service (EKS)
  • Amazon Elastic Load Balancing (ELB)
  • Amazon ElastiCache
  • Amazon Elasticsearch Service
  • Amazon GuardDuty
  • AWS Identity and Access Management (IAM)
  • AWS IAM Access Analyzer
  • AWS IAM Cross Account Trust
  • AWS IAM Policy Analysis
  • Amazon Inspector
  • AWS Key Management Service
  • AWS Lambda
  • Amazon Relational Database Service (RDS)
  • Amazon Redshift
  • Amazon Route 53 Hosted Zones and Records
  • Amazon Route 53 Domains
  • Amazon Simple Storage Service (S3)
  • S3 Bucket Policies
  • Amazon Simple Notification Service (SNS)
  • Amazon Simple Queue Service (SQS)
  • Transfer for SFTP
  • VPC and VPC Peering
  • AWS Web Application Firewall

What our customers say

“As we assessed tool and technology options, we wanted to be certain we avoid feature overload. Centralized and simple was a priority.”

– David Atkins, Lucerna Health


“JupiterOne has become critical for S3 bucket security because it provides a really good line of sight into assets to get ahead of vulnerability management.”

– Adam Youngberg, Databricks


Download our research paper.

Learn how we implemented a "zero trust", data-centric security model with a virtually air-gapped production environment by harnessing the power of cloud infrastructure, platform and services in Amazon Web Services (AWS).


Get Answers to 100+ Questions - Out of the Box

  • What accounts are in my AWS organization?
  • Which external AWS accounts are in my environment but not part of my organization?
  • Is there anything that connects to an external AWS account that is not part of my organization?
  • Has the root account user recently been used to log in or access the account?
  • Is MFA enabled for the Account Root User for all my AWS accounts?
  • Are there root user access keys in use for any of my AWS accounts?
  • Is MFA enabled for all IAM users that have a console password?
  • Which IAM users do not have a console password?
  • Which IAM users do not have an access key?
  • Which IAM user access keys were recently used (in the past week)?
  • Are there active IAM user access keys unused for more than 90 days?
  • Who recently updated their IAM user password (in the past week)?
  • Which IAM user has a password older than 90 days?
  • Who recently logged in to the AWS console (in the past week)?
  • Which IAM user has not logged in to the console in more than 90 days?
  • Which IAM user account recently accessed their account (in the past week)?
  • Which IAM user account has not been accessed in 90 days?
  • Which IAM role has not been used in 90 days?
  • Which IAM user access keys were recently created (in the past week)?
  • Which IAM user access keys are older than 90 days?
  • Are there inactive IAM user access keys?
  • IAM password policy should require at least one uppercase letter.
  • IAM password policy should require at least one lowercase letter.
  • IAM password policy should require at least one symbol.
  • IAM password policy should require at least one number.
  • IAM password policy should require minimum length of 14 characters.
  • IAM password policy should prevent reuse of the same password (for at least the past 10 passwords).
  • IAM password policy should enforce password expiration within 90 days.
  • Are there IAM Users with inline policy directly attached?
  • Which IAM policies allow full admin access to any and all resources?
  • Find all the IAM user access keys in production AWS accounts.
  • Find all the SSH key pairs in production AWS accounts.
  • Are there SSH keys not in use?
  • What Lambda functions are in my environment, and what triggers them?
  • How are my Lambda functions invoked?
  • List Lambda Functions by Runtime
  • Which Lambda functions are inside a VPC?
  • Is there an IAM role created to manage incidents and tickets with AWS Support?
  • Which IAM roles are assigned which IAM policies?
  • Who has been assigned full Administrator access?
  • Who has direct user access to my AWS accounts?
  • Who has direct user access to my production AWS accounts?
  • Who has access to my AWS accounts via SSO?
  • Who has access to my production AWS accounts via SSO?
  • Who has access to my AWS accounts via SSO in a multi-account environment?
  • Who can assume which role across my AWS environment?
  • Are there assume role trusts to external entities?
  • What are the service roles in my AWS accounts (i.e. an IAM Role that has a trust policy to an AWS Service)?
  • What trusts are configured to a federated identity provider?
  • Are there users with non-compliant endpoint devices that can access AWS?
  • What compute resources are configured for use by AWS Batch?
  • What are the active Batch container job definitions?
  • How many inactive Batch job definitions are there?
  • Which EC2 instances have actively running ECS container instances?
  • Show me details of currently running ECS tasks.
  • Are all EBS volumes encrypted?
  • Is default server side encryption enabled for all S3 Buckets?
  • Is public access block configured for non-public S3 Buckets?
  • Is public read access enabled for any S3 Bucket?
  • Is public write access enabled for any S3 Bucket?
  • Is public access enabled for any S3 Bucket?
  • Is S3 bucket access granted to anybody outside of the account?
  • Is there any S3 bucket that grants full control access to anybody other than the owner?
  • Which S3 buckets are used to store cloudtrail logs?
  • Which S3 buckets have inventory reports enabled? And where do they publish to?
  • Is CloudTrail logging enabled?
  • Who has access to cloudtrail logs?
  • Is the S3 bucket containing cloudtrail logs publicly accessible?
  • Is CloudTrail logging / trails integrated with CloudWatch logs?
  • Is access logging enabled on the S3 bucket containing cloudtrail logs?
  • Is encryption enabled on the S3 bucket containing cloudtrail logs?
  • Is there any leaked credential or secret in CloudFormation stack parameters or outputs?
  • Which EC2 instances or Lambda functions are configured to write logs to CloudWatch?
  • Are there any EBS volumes not in use?
  • Are there EC2 instances exposed to the Internet?
  • Which EC2 instances may have external network connections?
  • Which security group rules allow inbound traffic from a public network or host on the Internet?
  • Which security group rules allow outbound traffic to a public network or host on the Internet?
  • Which security group rules allow inbound SSH traffic from the Internet?
  • Which security group rules allow inbound RDP (remote desktop) traffic from the Internet?
  • Which security group rules allow inbound traffic from the Internet?
  • Which security group rules allow outbound traffic to the Internet?
  • Which Lambda functions are associated with CloudFront distributions (Lambda@Edge)?
  • Which S3 buckets host static content for CloudFront distribution (CDN)?
  • Which certificates are in use by CloudFront distributions?
  • What resources are used by or associated with CloudFront distributions?
  • Are there ENIs not in use?
  • Are there EIPs not in use?
  • Are all the AWS Config rules compliant?
  • Are there any noncompliant production resources in AWS per Config evaluation?
  • Show me the correlation between instances impacted by Inspector findings and GuardDuty findings.
  • Are there public facing instances that are allowed to access non-public S3 buckets?
  • What IAM roles and policies can external facing instances use?
  • S3 buckets referenced in IAM or bucket policies that do not exist in integrated accounts
  • AWS Cross-Account Assume Role Trusts Diagram
  • Are VPC Flow Logs enabled?
  • What is the estimated monthly cost of my RDS database backups?
  • What’s behind elastic load balancers?
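Many of the IAM questions in the list above (root MFA, root access keys, console users without MFA, access keys older than or unused for 90 days, recent root sign-ins) can be answered from a single source: the IAM credential report that `aws iam get-credential-report` returns as a base64-encoded CSV. The following added example is not JupiterOne's code and does not use its query language; it evaluates those questions directly over constructed sample rows in the credential report's column layout (a subset of the real columns), with a fixed reference time so the results are reproducible. Column names, the `<root_account>` row and the `N/A` / `no_information` / `not_supported` markers follow the real report format.

```python
"""Added example (not JupiterOne's code): answer several of the IAM hygiene
questions above by evaluating an IAM credential report.

The rows below are constructed sample data in the credential-report column
layout; NOW is a fixed reference time so the output is reproducible."""
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed reference time (constructed)
MAX_AGE = timedelta(days=90)                       # rotation / inactivity threshold
RECENT = timedelta(days=7)                         # "recently" window

# Constructed sample rows (subset of the real credential-report columns).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-28T09:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-05-28T09:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-01-10T00:00:00+00:00,true,2024-05-30T12:00:00+00:00,2024-05-01T00:00:00+00:00,2024-07-30T00:00:00+00:00,true,true,2024-05-01T00:00:00+00:00,2024-05-31T00:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2022-06-01T00:00:00+00:00,true,2024-01-02T00:00:00+00:00,2023-12-01T00:00:00+00:00,2024-02-29T00:00:00+00:00,false,true,2023-06-01T00:00:00+00:00,2023-12-15T00:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2021-03-03T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2024-04-01T00:00:00+00:00,N/A,true,2021-03-03T00:00:00+00:00,2024-05-31T00:00:00+00:00
"""


def parse_time(value):
    """Parse a report timestamp; markers such as N/A, no_information and
    not_supported are not dates and yield None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def load_report(text):
    """Parse the decoded credential-report CSV into one dict per user."""
    return list(csv.DictReader(io.StringIO(text)))


def credential_findings(rows, now=NOW, max_age=MAX_AGE, recent=RECENT):
    """Return {user: [finding, ...]} for users that fail a hygiene check.

    Users with no findings are absent from the result."""
    findings = {}

    def add(user, msg):
        findings.setdefault(user, []).append(msg)

    for row in rows:
        user = row["user"]
        if user == "<root_account>":
            # Root should not be used day to day, should have MFA, and should
            # have no access keys at all.
            last_login = parse_time(row["password_last_used"])
            if last_login is not None and now - last_login <= recent:
                add(user, f"root user logged in within the past {recent.days} days")
            if row["mfa_active"] != "true":
                add(user, "root user has no MFA")
            if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
                add(user, "root user has active access keys")
        elif row["password_enabled"] == "true" and row["mfa_active"] != "true":
            add(user, "console password without MFA")

        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = parse_time(row[f"access_key_{n}_last_rotated"])
            if rotated is not None and now - rotated > max_age:
                add(user, f"access key {n} older than {max_age.days} days")
            # A key that has never been used counts from its creation date.
            last_used = parse_time(row[f"access_key_{n}_last_used_date"])
            reference = last_used or rotated
            if reference is not None and now - reference > max_age:
                add(user, f"access key {n} unused for more than {max_age.days} days")
    return findings


if __name__ == "__main__":
    for user, issues in credential_findings(load_report(SAMPLE_REPORT)).items():
        for issue in issues:
            print(f"{user}: {issue}")
```

To run this against a real account, decode the `Content` field of `get-credential-report` and pass the text to `load_report`; the checks are per-account, so in a multi-account environment the same function is applied once per credential report. The thresholds are parameters so they can be aligned with your own password and key-rotation policy rather than the 90-day defaults used here.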

Providing Complete Visibility for Leading Cloud-Native Organizations
