AWS authorization

Configure AWS settings.

Most requests to AWS must be signed with an AWS Signature Version 4 access key, which consists of an access key ID and a secret access key. You must provide these to AppScan so that its requests are not denied.

If requests to your AWS application require AWS Signature Version 4, AppScan must be able to add the signature to its requests. The following information is required for this:
  • Default:
    • Access key
    • Secret key
    • Region (the region that houses the service, for example: us-east-2)
    • Service (the service code, for example: s3, see below for more details)
  • Cognito:
    • Identity pool ID
    • Region (the region that houses the service, for example: us-east-2)
    • Service (the service code, for example: s3, see below for more details)
The keys and ID are encrypted and not readable in the saved scan template file (SCANT).
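
Why all four Default values are needed: the sketch below is an added example, not AppScan's own code. It follows the public AWS Signature Version 4 algorithm for a simple GET request and shows that the region and service code are mixed into the signing key and credential scope. The key values are AWS's published documentation placeholders and the timestamp is constructed.

```python
import hashlib
import hmac

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    # Region and service are mixed into the key, so a wrong value in either
    # field yields a signature the AWS endpoint rejects.
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign_get(access_key, secret_key, region, service, host, amz_date, path="/"):
    """Return the Authorization header for a GET with no query string or body."""
    payload_hash = hashlib.sha256(b"").hexdigest()
    headers = (f"host:{host}\n"
               f"x-amz-content-sha256:{payload_hash}\n"
               f"x-amz-date:{amz_date}\n")
    signed = "host;x-amz-content-sha256;x-amz-date"
    canonical = "\n".join(["GET", path, "", headers, signed, payload_hash])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = signing_key(secret_key, amz_date[:8], region, service)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={signature}")

# Constructed sample input: AWS's published documentation placeholder keys.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
HOST, STAMP = "s3.us-east-2.amazonaws.com", "20240101T000000Z"

if __name__ == "__main__":
    good = sign_get(ACCESS_KEY, SECRET_KEY, "us-east-2", "s3", HOST, STAMP)
    bad = sign_get(ACCESS_KEY, SECRET_KEY, "us-east-2", "ec2", HOST, STAMP)
    print(good)
    # A wrong service code produces a different signature for the same request.
    print(good.rsplit("=", 1)[1] != bad.rsplit("=", 1)[1])
```

If a scan returns signature-mismatch errors from AWS, the Region and Service fields are the first values to recheck, because either one changes the computed signature even when both keys are correct.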

What is my service code?

The code for your AWS endpoint service is the segment that precedes amazonaws.com or the region code in the AWS host name. For example, s3 is the endpoint service for both https://<account-id>.s3-control.eu-north-1.amazonaws.com and https://s3.us-east-2.amazonaws.com host names. For more information, see Service endpoints and quotas in AWS.

Restricting AWS to specific parts of the site

By default, the AWS settings are used for the entire site. If AWS is used for only parts of the site, you can define them in the lower pane. You can define URLs, paths, and folders.

To restrict AWS to part of the site:
  1. Click
  2. In the Add path dialog, enter a single URL, path, or folder, and click OK.
  3. Repeat to define all parts of the site that use AWS.