Lacework Foundational Technical Review Assessor

Overview

Use the Lacework Foundational Technical Review (FTR) Assessor to assess your AWS SaaS solution against the AWS FTR requirements. The tool generates the following items for your FTR:

• Your FTR Self-Assessment Checklist. The FTR Assessor produces a partially completed FTR Checklist that you can use as a starting point for your FTR submission. The FTR Assessor populates the checklist with the information it gathers from your AWS account.
• Your CIS AWS Foundations Benchmark Report. The FTR Assessor produces a report that shows how your AWS account complies with the CIS Amazon Web Services Foundations Benchmark. The report includes a summary of the number of checks that passed, failed or, were not applicable.
• Your AWS Architecture Diagram. The FTR Assessor generates an architecture diagram that shows the resources in your AWS account. It produces a SVG file and a Graphviz DOT file that you can further modify and generate your own image. A diagram is generated for each region in your AWS account.

note

The FTR Assessor is available as a CloudFormation template for existing Lacework customers. New Lacework customers can download the Lacework FTR Assessor from the AWS Marketplace.

Architecture

The FTR Assessor is a serverless web application that uses AWS Fargate ECS to audit your AWS account where your SaaS solution resides.

Use the CloudFormation Template to Deploy the Assessor

Make sure the following prerequisites are met before using the assessor:

• The AWS account your want to assess is integrated with Lacework.
• Have AWS IAM permissions to execute CloudFormation templates, create IAM roles, and create ECS tasks.
• Have the ability to create a new VPC.

1. Select the Launch Stack button to log in to your CloudFormation console and launch the template.

   

2. Specify the following Basic Configuration parameters:

   • Specify the Stack name for the stack.
   • Specify Your Lacework Account Name.
   • Specify your Lacework Access Key ID and Lacework Secret Key that you copied from your API Keys file. Make sure to you create the API Keys with Admin privileges as a User or Service Account. See API Keys.
   • Do not specify a value for an IAM role.

3. Select Next through to your stack Review.

4. Accept the AWS CloudFormation terms and click Create stack.

5. Select the Outputs tab, after the stack is created.

6. Copy the PassCode.

7. Select the FtrUrl link. You are taken the FTR Assessor web application.

8. Enter the PassCode and then select Submit.

9. Follow the instructions in the FTR Assessor web application to generate your checklist, CIS AWS Foundations Benchmark Report, and architecture diagram.

The FTR Assessor generates a ZIP file that contains your FTR Checklist, CIS Amazon Web Services Foundations Benchmark Report, and Amazon Web Services Architecture Diagram. When the assessment is complete, you can download the ZIP file from the FTR Assessor web application.