Bug 1525127 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Mozilla Enterprise Information Security (EIS) has an update to the security features we provide for your AWS account. You previously deployed the InfosecClientRoles into your account to enable EIS to perform security audits on your account and do security incident response in the case of a security breach.

We have a new CloudFormation template that we'd like to have you update to in order to
* grant additional security auditing read permissions
* change incident response to a role trusting a dedicated incident response AWS account
* enable AWS GuardDuty threat detection service and wire it up to the Mozilla Defense Platform (MozDef)

There are many specifics if you're interested in the [README][1].

What we'd like you to do is update your existing CloudFormation stack

* AWS account IDs
* AWS region : Depends on the account
* CloudFormation stack name : Probably `opsec`

with the new template. Here's how

# Update your existing stack

You can either do the update in the AWS web console or on the command line with
the awscli tool. You'll be doing a CloudFormation stack update to a new template.

## Update in the web console

* Browse to the [CloudFormation section](https://console.aws.amazon.com/cloudformation/home?region=us-west-2)
* Select the `InfosecClientRoles` stack by checking the check
  circle next to it
* In the `Actions` drop down in the upper right select `Update Stack`
  * On the `Prerequisite - Prepare template` screen select `Replace current
    template`
  * In the `Amazon S3 URL` field enter 
 
    https://s3.amazonaws.com/public.us-west-2.infosec.mozilla.org/infosec-security-roles/cf/infosec-security-audit-incident-response-guardduty-roles-cloudformation.yml

* Click the `Next` button
* Enter an optional email address at which to receive notifications of use of the
  incident response role
* On the `Specify stack details` click the `Next` button
* On the `Configure stack options` page click the `Next` button
* On the `Review` page click the checkbox that says `I acknowledge that AWS 
  CloudFormation might create IAM resources.`
* Click the `Update stack` button
* When the CloudFormation stack completes the creation process and the `Status`
  field changes from `UPDATE_IN_PROGRESS` to `UPDATE_COMPLETE` you're done.

## Update on the command line

* Set the EMAIL_ADDRESS that you'd like to receive notifications at if/when the
  incident response role is ever used. Note : EIS is *always* notified if the
  incident response role is ever used.
* The STACK_NAME below is set to your existing InfosecClientRoles stack name
* The REGION below is the region in which your existing stack is deployed

```bash
# Address to notify if/when the incident response role is used
EMAIL_ADDRESS=example@example.com
# Name of your existing InfosecClientRoles stack
STACK_NAME=InfosecClientRoles
# Region in which the existing stack is deployed
REGION=us-west-2
AWS_DEFAULT_REGION="${REGION}" aws cloudformation update-stack \
  --stack-name "${STACK_NAME}" \
  --template-url https://s3.amazonaws.com/public.us-west-2.infosec.mozilla.org/infosec-security-roles/cf/infosec-security-audit-incident-response-guardduty-roles-cloudformation.yml \
  --parameters "ParameterKey=EmailAddress,ParameterValue=${EMAIL_ADDRESS}" \
  --capabilities CAPABILITY_IAM
```

# How do you like to be contacted?

Finally, if in the future you'd like to be contacted through a different channel
(GitHub issue, Bugzilla ticket, ServiceNow, email, etc) for this type of thing
or if there's a better person or place to make this request, do let us know.

[1]: https://github.com/mozilla/security/blob/master/operations/aws-security-roles/README.md
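
The web console steps end by waiting for `UPDATE_COMPLETE`; the command-line path can do the same check after `update-stack` returns. This is an added example, not part of the original comment: the function names `classify_stack_status`, `get_stack_status` and `wait_for_update` are illustrative, and `STACK_NAME` and `REGION` are the variables set in the command-line section.

```bash
# Added example: confirm that a CloudFormation stack update really finished.

# Map a CloudFormation StackStatus value to one of: ok | wait | failed
classify_stack_status() {
  case "$1" in
    UPDATE_COMPLETE)
      echo ok ;;
    UPDATE_IN_PROGRESS|UPDATE_COMPLETE_CLEANUP_IN_PROGRESS)
      echo wait ;;
    *)
      # UPDATE_ROLLBACK_*, UPDATE_FAILED, or a state showing that no update
      # was started: the new roles and GuardDuty wiring are not in place.
      echo failed ;;
  esac
}

# Print the current status of the stack (requires awscli and credentials).
get_stack_status() {
  AWS_DEFAULT_REGION="${REGION}" aws cloudformation describe-stacks \
    --stack-name "${STACK_NAME}" \
    --query 'Stacks[0].StackStatus' --output text
}

# wait_for_update GETTER [MAX_POLLS] [SLEEP_SECONDS]
# GETTER is a command that prints the current StackStatus.
# Prints the final status. Returns 0 when the update completed, 1 when it
# failed or rolled back, 2 when the status could not be read, 3 on timeout.
wait_for_update() {
  local getter=$1 max_polls=${2:-60} delay=${3:-10} i=0 status
  while [ "$i" -lt "$max_polls" ]; do
    status=$("$getter") || return 2
    case "$(classify_stack_status "$status")" in
      ok)     echo "$status"; return 0 ;;
      failed) echo "$status"; return 1 ;;
    esac
    sleep "$delay"
    i=$((i + 1))
  done
  echo TIMEOUT
  return 3
}

# Usage, after the update-stack command has been issued:
#   wait_for_update get_stack_status
```

A non-zero return means the stack is still on the old template or mid-rollback, so the update should be retried or investigated before the account is treated as done.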
