AUTOMATE LIGHT, AUTOMATE & AUTOMATE+ deployment requirements


AUTOMATE LIGHT

Requires AWS Security Hub & AWS Config to be pre-enabled. A one-time set of findings is provided to AUTOMATE LIGHT.

 

AUTOMATE (Read Only) & AUTOMATE+ (Continuous Compliance) enable the following AWS-native services during deployment for use by the SaaS platform (if not already enabled):

  • AWS Security Hub

  • AWS Config, which leverages an S3 bucket and an SNS Topic.

  • One AWS SNS Topic: To publish security events to AUTOMATE. Also uses one KMS key.

  • Two AWS EventBridge Rules: Route events from AWS Security Hub to the associated AWS SNS Topic.

  • An AWS Lambda: Creates a custom action that targets AWS Security Hub.

  • An IAM role: An IAM role is created to run the Lambda in the environment.

AUTOMATE+ in addition to the above also deploys:

  • AWS Security Hub Automated Security Response (the engine that provides remediation & continuous compliance)

  • AWS Systems Manager

  • AWS Lambdas

  • AWS Step Functions

  • Additional AWS SNS Topics

  • An additional AWS KMS Key

  • AWS CloudWatch groups

 

It's important to highlight that AUTOMATE+ has a few key requirements for a deployment to progress smoothly:

 

Note: An AWS Cross Account Role is used during the 15-minute deployment period; find more information on this here.

  • IAM user requirements during deployment

During deployment an IAM user is required to:
  a) Be logged into the relevant AWS account.
  b) Have the relevant permissions to deploy AWS CloudFormation Stacks.
  c) Have appropriate permissions to deploy & configure the related AWS native services for AUTOMATE+ to function.


Details on these permissions can be found here.

 

  • IAM role requirements

AUTOMATE+ deploys a number of roles that are required to facilitate automation post-deployment. These roles are visible within your AWS Account. The deployed roles have the following name suffixes:

a) six-pillars-role

b) six-pillars-config

c) AWSServiceRoleForConfig

d) SO0111 (AUTOMATE+ only)
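Because these roles are visible in the account, they can be inventoried after deployment and their trust policies reviewed. The following is an added example, not 6pillars' own tooling: it reads JSON in the shape returned by `aws iam list-roles`, picks out roles carrying the names listed above, and reports which principals outside your own account each trust policy allows. The sample role names, account IDs and trust policies are constructed, and matching the names anywhere in the role name rather than strictly as a suffix is an assumption.

```python
import json

# Role-name markers listed on the page. The page calls them suffixes; matching
# them anywhere in the name is an assumption made here to avoid missing a role.
MARKERS = ("six-pillars-role", "six-pillars-config", "AWSServiceRoleForConfig", "SO0111")
PLUS_ONLY = {"SO0111"}  # the page marks this one "AUTOMATE+ only"

def _as_list(value):  # IAM policy fields may hold a single item or a list
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):  # account ID of an ARN; bare IDs and "*" pass through
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def audit_roles(list_roles_json, own_account):
    """Return the matching roles with the principals their trust policies allow."""
    findings = []
    for role in json.loads(list_roles_json).get("Roles", []):
        marker = next((m for m in MARKERS if m in role["RoleName"]), None)
        if marker is None:
            continue
        external, services = set(), set()
        trust = role.get("AssumeRolePolicyDocument") or {}
        for stmt in _as_list(trust.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal") or {}
            if principal == "*":  # wildcard principal: any AWS principal
                principal = {"AWS": "*"}
            services.update(_as_list(principal.get("Service")))
            external.update(p for p in _as_list(principal.get("AWS"))
                            if _account_of(p) != own_account)
        findings.append({"role": role["RoleName"], "marker": marker,
                         "automate_plus_only": marker in PLUS_ONLY,
                         "external_principals": sorted(external), "services": sorted(services)})
    return findings

# Constructed sample in the shape of `aws iam list-roles` output (all IDs made up).
SAMPLE = json.dumps({"Roles": [
    {"RoleName": "demo-six-pillars-role", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999999999999:root"}}]}},
    {"RoleName": "AWSServiceRoleForConfig", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Principal": {"Service": "config.amazonaws.com"}}]}},
    {"RoleName": "demo-SO0111", "AssumeRolePolicyDocument": {"Statement":
        {"Effect": "Allow", "Principal": {"AWS": ["111111111111"]}}}},
    {"RoleName": "unrelated-app-role", "AssumeRolePolicyDocument": {"Statement": []}},
]})
```

Call `audit_roles(SAMPLE, "111111111111")` to see the report for the sample; for a real account, pass the saved output of `aws iam list-roles` and your own account ID.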

 

Should you experience any issues while deploying AUTOMATE+, please contact us at support@6pillars.ai and we will be able to assist.
