Roar Users Guide & Documentation

Welcome! You'll find comprehensive guides and documentation to help MSPs start working with Liongard's Roar as quickly as possible, as well as support if you get stuck. Let's go #MakeITRoar!

Get Started    

Amazon Web Services

This document provides the steps required to configure the Amazon Web Services Inspector.


Quick Details

Recommended Agent: On-Demand
Supported Agents: On-Demand or Self-Hosted
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: API
Data Summary: Here


See it in Action

Video isn't playing? Click here.

Inspector Setup Preparation

Step 1: Log into AWS

Sign into Amazon Web Services

Log into AWS

Complete Multi-factor Authentication

Select Services in the Menu

Select IAM under the Security, Identity, & Compliance heading

Step 2: Create an Additional IAM Policy (Optional)

LiongardWorkspacesReadOnly (Custom Access, optional)

  • If you would like to record Workspaces information, then you can add a read-only permission for Workspaces like this.

On the left-hand menu select Policies, and then select Create Policy

Locate the Workspaces service

Select on Workspace, then select the checkboxes next to the List and Read permissions

Expand Resources and select the checkbox to the left of Any in this account next to workspacebundle

Select Review policy at the bottom right

Name the policy "LiongardWorkspacesReadOnly," then select Create Policy

Step 3: Create an IAM Group and Attach Policies

On the left-hand menu select Groups

Select Create New Group

Name the Group APIReaderAccess

Click Next Step at the bottom right

Add the following Policies:

  • AmazonEC2ContainerRegistryReadOnly
  • AmazonEC2ReadOnlyAccess
  • AmazonS3ReadOnlyAccess
  • AWSCloudTrailReadOnlyAccess
  • IAMReadOnlyAccess
  • AmazonRDSReadOnlyAccess
  • AWSPriceListServiceFullAccess
  • AmazonAppStreamReadOnlyAccess
  • LiongardWorkspacesReadOnly (Optional from step 2 above)


Additional Services

If you encounter an issue during an Inspection, you can review the logs to determine which AWS Service it may be failing on. You will need to attach additional ReadOnlyAccess policies to the Group. For example, if a customer utilizes Lambda, the AWSLambdaReadOnlyAccess Policy should be added.

Click Next Step at the bottom right

Review the policies attached, and select Create Group at the bottom to proceed

Step 4: Create an IAM User

The confirmation screen should show the list of Groups and there should be zero (0) users attached to the group. Now, select the Users menu item.

Select Add user


Naming Conventions

Please refer to your organization's naming convention policies when creating usernames. Usernames we state in the documentation are suggestions only.

Name the User account and select Programmatic access

We recommend using the convention "liongard-awsapi-MMDD" or a random string at the end

Add the User created to the Group made in the prior steps

Add the API Reader Access Group and select Create User

Download CSV

Download the Access key ID and the Secret access key and save to a vault.

Liongard Inspector Setup

Individual Inspector Setup

In Liongard, navigate to Admin > Inspectors > Navigate to the Amazon Web Services Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System Inspector should be associated to
  • Friendly Name: Suggested "AWS [Environment Name]"
  • Agent: On-Demand
  • Inspector Version: Latest
  • Access Key ID: The ID of the account you created in the steps above
  • Secret Access Key: The Key should reside in the CSV document downloaded from the prior step
  • Region: Specify the region(s) that the customer AWS stack resides. You may select more than one region
  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule

Select Save. The Inspector will now be triggered to run within the minute.

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Roll out Inspectors at Mass via CSV Import

For more information, please watch our How To video

To import Amazon Web Services Inspectors via CSV Import, navigate to Admin > Inspectors > Amazon Web Services > Select the down arrow icon in the top right-hand to Download CSV Import Template.

In the CSV Template, each row, starting on row three, will represent an Inspector. Fill in the following information for each Inspector you want to roll out:

  • Agent.Name: Enter "On-Demand Agent"
  • Inspector.Name: Enter "aws-inspector"
  • Environment.Name: This column is case sensitive. Copy and paste the associated Environment name from the Dashboard screen
  • Alias: Enter the Desired Friendly Name
  • SecureConfig.AWS_ACCESS_KEY_ID: Enter the ID of the account you created in the Inspector Setup Preparation
  • SecureConfig.AWS_SECRET_ACCESS_KEY: Enter the Key from the CSV document downloaded in the Inspector Setup Preparation
  • Config.AWS_REGION[0]: Enter the region where the customer's AWS stack resides. If you would like to inspect multiple regions, you will need to add a column to the left called "Config.AWS_REGION[1]", "Config.AWS_REGION[2]", etc., and in each column enter the additional region that you would like to inspect
  • FreqType: Enter "days"
  • FreqInterval: Enter "1"

When ready to Import the CSV Template of Inspectors, navigate to Admin > Inspectors > Amazon Web Services > Select the up arrow icon in the top right-hand to Import CSV > Select your saved template.

After the successful import notification, reload your browser to find your imported Inspectors.

These Inspectors will automatically trigger themselves to run within a minute.


AWS Failure

Often an AWS failure will be due to the API key no longer being valid. This usually means the API key has been deleted.

Amazon Web Services Quick Tips/FAQs

Inspector FAQs

Updated about a month ago

Amazon Web Services

This document provides the steps required to configure the Amazon Web Services Inspector.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.