
Managing AWS Decoys

You can manage your Amazon Web Services (AWS) decoys from the Zscaler Deception Admin Portal. All decoys created from the Admin Portal are listed under their respective decoy category tabs. Each table shows the details of every decoy in that category, along with its deployment status. You can also edit or delete decoys by using the corresponding options in the decoys table.

Checking Deployment Status

At the time of integration, Deception deploys a health check Lambda function on AWS. This function periodically checks all decoy resources deployed on AWS and reports their status to the Deception Admin Portal every 15 minutes. The deployment status is indicated by the icon next to the name of the decoy in the decoys table. The following icons are used to show the status of the decoys:

  • Green status icon – Indicates a deployed state.
  • Orange status icon – Indicates an inactive state. This means the decoy no longer exists on AWS, or one of the properties used to reference it no longer exists. This happens when the decoy or its resources are manipulated directly in AWS.
  • Grey status icon – Indicates a pending deployment state. This means that the decoy has been created or modified in the Deception Admin Portal, but the deployment script that propagates changes to the AWS cloud has not been run.
  • Red status icon – Indicates a pending deletion state. This means that the decoy has been deleted from the Deception Admin Portal, but the deployment script that propagates changes to the AWS cloud has not been run.

Editing or Deleting AWS Decoys

You can edit or delete the AWS decoys that you configured in the Deception Admin Portal. Changes made to AWS decoys in the Deception Admin Portal are propagated to the AWS cloud only after you run the deployment script in AWS CloudShell.

Prerequisites

Obtain the CloudShell command using one of the following methods:

Editing an AWS Decoy

To edit an AWS decoy:

  1. Go to Deceive > Cloud Deception > AWS.
  2. Select the relevant decoy category tab. For example, if you want to edit an IAM user decoy, select the IAM tab.

  3. Make sure that the decoy you want to edit is in the Not Deployed state, and then click the Edit icon for the decoy.
  4. Modify the decoy details as per your requirements.
  5. Click Save.
  6. Sign in to the AWS Management Console as an administrator.
  7. Launch CloudShell by clicking the CloudShell icon on the top navigation bar.

    The AWS CloudShell window appears.

  8. In the AWS CloudShell window:

    1. Run the deployment script using the command obtained via the automated download method or manual download method.
    2. Enter the option to deploy the preferred decoy and press Enter.

Upon successful execution of the script, the changes are propagated to the AWS cloud.

Deleting an AWS Decoy

To delete an AWS decoy:

  1. Go to Deceive > Cloud Deception > AWS.
  2. Select the relevant decoy category tab. For example, if you want to delete an IAM user decoy, select the IAM tab.

  3. Click the Delete icon for the decoy.
  4. Sign in to the AWS Management Console as an administrator.
  5. Launch CloudShell by clicking the CloudShell icon on the top navigation bar.

    The AWS CloudShell window appears.

  6. In the AWS CloudShell window:

    1. Run the deployment script using the command obtained via the automated download method or manual download method.
    2. Enter the option to deploy the preferred decoy and press Enter.

Upon successful execution of the script, the changes are propagated to the AWS cloud.
