Horangi Academy

Getting Started with Warden

There are two ways to get started: through CloudFormation, or through the long way.

Setting up Warden can be done through the Storyfier dashboard. There are two ways to get started:

  1. Through a CloudFormation template
  2. Through a manual setup.

Setup Through CloudFormation

AWS CloudFormation is a service that helps you model and set up AWS resources so that you can spend less time managing resources and more time using the application.

To get set up through CloudFormation, first launch your Storyfier dashboard and locate Settings in the top panel. 

The next screen will show details of your organization.  On the left pane, select Scans.

Next, select Warden Scan Group from the Add New drop-down menu. You will be presented with some options prior to creating the group.  

Key in a name for the new Warden Scan Group along with a brief description, scan frequency, date, and time. Once you create your Warden Scan Group, click the ‘Manage’ button on the right side.

Based on the type of group you chose, you will be able to add a cloud account for Warden, a repository for the code scanner, or a host for a web scan.

To add a new cloud account, make sure that you are already signed in to your AWS account in another tab. Once this is confirmed, click the Launch CloudFormation Stack button.

If you follow the steps in order, your AWS account will be connected to your Storyfier account.

Setup Manually

For the extra cautious and the tinkerers, the manual setup lets you adjust and limit the degree to which Warden monitors your AWS cloud assets. The choice is yours.

To start off, create a Warden Scan Group and click the ‘Manage’ button on the right section, followed by clicking on 'Add Cloud Account'. Click to select 'Manual' and proceed with the steps below. 

  1. Do not close the creation screen during the AWS installation.
  2. Log in to your AWS Account in a new browser window.
  3. Access the IAM Roles section and Create role.
  4. When prompted for the trusted entity type, select "Another AWS Account".
  5. Enter Horangi's AWS Account Number "396286753434" for the Account ID to trust.
  6. Check "Require external ID" and enter the unique External ID displayed on the dialog screen.
  7. Do not check "Require MFA"
  8. Click Next: Permissions
  9. Select the Security Audit managed IAM policy
  10. Click Next: Tags
  11. Click Next: Review
  12. Enter "horangi-warden-scanner" for the Role name and enter a description of your choice and click Create Role.
  13. Search for the newly created role (i.e., horangi-warden-scanner), copy the Role ARN, and paste it in the box provided.
  14. After the role has been created, go to the role's page.
  15. Click on the field Maximum CLI/API session duration and change the value from 1 hour to 4 hours.
  16. Save the changes.
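
To check the result of the manual steps, the following added example (not Horangi's own code) builds the trust policy that steps 4 to 7 produce and audits a role against steps 5, 6, 7, 12 and 15. The function names and the sample External ID are constructed for illustration, and the role dict is assumed to be shaped like the Role object returned by `aws iam get-role`.

```python
import json

HORANGI_ACCOUNT_ID = "396286753434"   # step 5
ROLE_NAME = "horangi-warden-scanner"  # step 12
MAX_SESSION_SECONDS = 4 * 3600        # step 15: 4 hours, in seconds
TRUSTED = {HORANGI_ACCOUNT_ID, f"arn:aws:iam::{HORANGI_ACCOUNT_ID}:root"}


def build_trust_policy(external_id):
    """Trust policy matching steps 4-7: one trusted account, ExternalId required, no MFA."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{HORANGI_ACCOUNT_ID}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def audit_role(role, external_id):
    """Return findings for a role dict (assumed shape: Role from `aws iam get-role`)."""
    findings = []
    if role.get("RoleName") != ROLE_NAME:
        findings.append("role name differs from step 12")
    if role.get("MaxSessionDuration") != MAX_SESSION_SECONDS:
        findings.append("maximum session duration is not 4 hours")
    for st in role.get("AssumeRolePolicyDocument", {}).get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else list(aws)
        if not aws or any(p not in TRUSTED for p in aws):
            findings.append("trust extends beyond the Horangi account")
        cond = st.get("Condition", {})
        if cond.get("StringEquals", {}).get("sts:ExternalId") != external_id:
            findings.append("ExternalId condition missing or wrong")
        if any("aws:MultiFactorAuthPresent" in v for v in cond.values()):
            findings.append("MFA is required, contrary to step 7")
    return findings


# Constructed sample values, not taken from a real account.
SAMPLE_EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"
good = {"RoleName": ROLE_NAME, "MaxSessionDuration": 14400,
        "AssumeRolePolicyDocument": build_trust_policy(SAMPLE_EXTERNAL_ID)}
if __name__ == "__main__":
    print(json.dumps(good["AssumeRolePolicyDocument"], indent=2))
    print(audit_role(good, SAMPLE_EXTERNAL_ID) or "role matches the manual setup steps")
```

An empty findings list means the role trusts only the Horangi account, requires the External ID, and has the 4-hour session limit; the attached Security Audit policy from step 9 is not checked here.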