3rd Party Authentication view

3rd Party Authentication view of the Configuration dialog box lets you configure AWS settings.

Most requests to AWS must be signed with an AWS Signature Version 4 access key, which consists of an access key ID and secret access key. You must provide these to AppScan so it its requests will not be denied.

If requests to your AWS application require AWS Signature Version 4, AppScan must be able add this to its requests. The following information is required for this:
  • Default:
    • Access key
    • Secret key
    • Region (the user's region, for example: us-east-2)
    • Service (the type of service, for example: s3)
  • Cognito:
    • Identity pool ID
    • Region (the user's region, for example: us-east-2)
    • Service (the type of service, for example: s3)
The keys and ID are encrypted and not readable in the saved scan template file (SCANT).

Restricting AWS to specific parts of the site

By default, the AWS settings are used for the entire site. If AWS is used for only parts of the site,you can define them in the lower pane. You can define URLs, paths and/or foders.

To restrict AWS to part of the site:
  1. Click
  2. In the Add path dialog, enter a single URL, path, or folder, and click OK.
  3. Repeat to define all parts of the site that use AWS.