Risk Manager setup is simple. Sign up for a free trial here. When you start your trial, you'll be able to set up your first environment.
Define your environment
One of the first actions you’ll take in Risk Manager will be to define your environment. This environment will be a collection of configuration parameters including regions, resource types, tags, and compliance standards and/or benchmarks. Selecting the “Define Your Environment” button (which appears by default for new users) will prompt you to provide an environment name, select a region, choose resources to be scanned or enforced, and specify an IAM role ARN with the appropriate permissions.
When you define an environment, you will also specify the cloud resources you want Risk Manager to scan and enforce in the "Resources to Include" section.
In the "Scan Access" or "Enforce Access" column, check the box next to the name of the resource you want included in scans or enforcement.
To select or deselect all resources for scan or enforce access, check the box next to the "Scan Access" or "Enforce Access" heading. To select or deselect all resources for a service, check the box next to the service heading (e.g.,
* indicates that a resource has a dependency that will automatically be included when selecting the resource. This means both resources will be included in the IAM role policy.
Enforcement access (write permission) requires scan access (read permission). If you select enforcement access for a resource, scan access will automatically be selected.
To expand the list and display all resources, select "Expand Resources" below the list. Then, to shorten the list, select "Contract Resources."
Specify IAM Role
Before you can run Risk Manager, you will need to create an AWS IAM role with the appropriate permissions. (Read more about IAM Roles here.)
Create IAM Role
If "Create New AWS IAM Role" is selected, clicking the "Launch Stack in AWS Console" button will take you to a page that enables you to create a CloudFormation stack in your account.
Follow the prompts (default settings are fine) by clicking "Next" until you reach a page requesting acknowledgment for the creation of the required IAM resources.
Clicking "Create" will take you to the CloudFormation stacks page and display the stack creation status. (This process typically takes less than a minute.)
Once the stack is created, click the "Outputs" tab to see the ARN. Copy this ARN into the AWS IAM Role ARN field when you define your environment.
Update IAM Role
To update an IAM role's scan and/or enforce access permissions, select "Edit Existing AWS IAM Role." The IAM policy generated for the permissions chosen in "Resources to Include" is displayed. Hover over the policy to reveal a "Copy to Clipboard" icon. To display all of the JSON, you can select "Expand JSON." Then, to shorten the JSON, select "Contract JSON."
Once you've copied the policy to your clipboard, select "Edit IAM Role In AWS Console" to head to the IAM Management Console and follow these steps:
Navigate to "Roles" in the left sidebar and look for FugueRiskManagerMaster, then select the role.
Select "Edit policy."
Select the JSON tab.
Replace the existing policy with the updated policy and select "Review policy."
Select "Save changes."
Back in Risk Manager, select "Continue."
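Before replacing the role's policy in the steps above, it helps to see exactly which permissions the update adds. The following is an added example, not part of Risk Manager or its documentation: it compares two IAM policy documents and separates newly granted read-style actions from everything else. The two sample policies are constructed for illustration, and the Describe/Get/List prefix test is a heuristic assumption.

```python
import json

# Assumption: operation names starting with these verbs are treated as read-only.
READ_PREFIXES = ("describe", "get", "list")

def allowed_actions(policy_json):
    """Return the set of actions granted by Allow statements in a policy document."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt.get("Action", [])
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions

def is_read_only(action):
    """Heuristic: 'ec2:Describe*' counts as read-only, 's3:*' and '*' do not."""
    operation = action.split(":", 1)[-1].lower()
    return operation.startswith(READ_PREFIXES)

def review_update(current_json, updated_json):
    """Summarize what replacing the current policy with the updated one changes."""
    current, updated = allowed_actions(current_json), allowed_actions(updated_json)
    added = updated - current
    return {
        "added_read": sorted(a for a in added if is_read_only(a)),
        "added_write": sorted(a for a in added if not is_read_only(a)),
        "removed": sorted(current - updated),
    }

# Constructed sample policies (not the policy Risk Manager generates).
CURRENT_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "s3:GetBucketPolicy", "s3:ListAllMyBuckets"]}]})
UPDATED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeInstances", "ec2:DescribeVpcs", "s3:GetBucketPolicy",
                "s3:ListAllMyBuckets"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:TerminateInstances", "s3:PutBucketPolicy"]}]})

if __name__ == "__main__":
    for change, actions in review_update(CURRENT_POLICY, UPDATED_POLICY).items():
        print(f"{change}: {', '.join(actions) or '(none)'}")
```

Anything listed under `added_write` corresponds to enforce access and should match the resources deliberately checked in the "Enforce Access" column.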
Select Compliance Libraries
To view compliance results for your defined cloud environment, select one or more of these standard compliance libraries:
- CIS: configuration guidelines created by the Center for Internet Security for various technology groups to safeguard systems against today’s evolving cyber threats.
- GDPR: refers to the European General Data Protection Regulation, or standards that were introduced for data protection and privacy for individuals within the EU and EEA.
- HIPAA: short for the Health Insurance Portability and Accountability Act of 1996 (HIPAA); these regulations protect the privacy and security of certain health information.
- NIST: short for National Institute of Standards and Technology; NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act (FISMA).
- PCI DSS: short for Payment Card Industry Data Security Standard; the PCI DSS is a set of standards that emphasizes data security for companies that process credit cards.
You may also select none and instead add them at a later date via the environment settings.
What is supported?
Supported browsers include the latest versions of: Chrome, Safari, Edge, Firefox, and Opera. Note: Internet Explorer is not supported.
For the initial beta release, Risk Manager supports AWS. Additional cloud providers, including (in no particular order) Azure, Google Cloud Platform, IBM, etc., are also on our roadmap and will be part of a future release. If you’re an interested customer and want to talk about your requirements, we’d love to hear from you. Reach out to us at firstname.lastname@example.org.
Initially, Risk Manager will work with a number of AWS services (EC2, VPC, IAM, S3, etc.), with plans to rapidly expand service coverage during and after the beta release. If you have questions about specific services, you can reach out to us at email@example.com.
Note: Any supported service applies both to the services Risk Manager scans for drift detection and, if enabled, to the services Risk Manager remediates via baseline enforcement.
Now that you're set up, you can walk through an overview of your Compliance Report.
Or if you're ready to explore more of Risk Manager's capabilities, review our Use Cases.