How to Onboard AWS Account
Last updated
Log in to CloudSecOps portal using your credentials.
Once you have logged in for the first time, you will only see the "Environment" page, under Global Tenant Settings (please refer to the screenshot below).
You will be able to see all of the pages once you add an AWS or Azure account.
Now click the marked option to link your AWS account.
There are 2 ways to link an AWS account:
Using CloudFormation Template
Providing Access and Secret Keys
Here are some things you should note:
Make sure the IAM user you will use to create the CloudFormation stack has the following managed policies attached: AmazonSNSFullAccess, AWSCloudFormationFullAccess and IAMFullAccess.
The CloudFormation stack will be created in the North Virginia (us-east-1) region.
We will create one IAM role with the ReadOnlyAccess and SecurityAudit policies attached.
Start by giving the account a name. You can use any name; labels help you identify the account. Some examples of labels are: US PROD, Dev server, etc.
Now give your organization a name. An organization is a container in which you can add multiple AWS accounts.
This is where you decide on the policies. You will see 3 checkboxes:
Minimum required policy: This is the minimum (read-only) policy we need to evaluate your resources. We will attach the SecurityAudit and AWSSSODirectoryReadOnly policies to get information about your cloud users, policies, resources and their configurations, and Identity Store data. This lets us provide CSPM, Compliance, CIEM, Attack-Path-Graph, and more. To check what actions CloudDefense can perform if this policy is attached, click here.
Required policy for Workload Scan: CloudDefense.AI can scan servers in your cloud environment for vulnerabilities, malware, etc. To achieve this without slowing down your running workloads, we use side scanning. To enable this feature, check this box. Enabling it grants us permission to associate AmazonEC2FullAccess with the role we will create to interact with your account. To check what actions CloudDefense can perform if this policy is attached, click here.
Required policy for Agentless Cloud Threat Detection: CloudDefense.AI uses AmazonS3ReadOnlyAccess, which lets us detect threats and anomalies in near real time in your cloud environment without installing agents. To enable this feature, check this box. To check what actions CloudDefense can perform if this policy is attached, click here.
We will only scan the regions you choose here. You can choose specific regions or all regions.
Now click the “Create Cloud Formation Template” button. Before doing so, review the CloudFormation policy; to see its details, click the hyperlink on this page.
After that:
Tick the checkbox “I acknowledge that AWS CloudFormation might create IAM resources with custom names.” (refer to the image below).
Click the Create stack button (refer to the image below).
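For readers who want to know what the stack they are acknowledging actually creates, here is an added example of a cross-account role template that mirrors the policy choices described above. It is not the vendor's own template: the scanner account ID, the external ID, the role name and the parameter names are placeholders and assumptions. The two feature checkboxes are modelled as parameters so that AmazonEC2FullAccess and AmazonS3ReadOnlyAccess are only attached when the corresponding feature is enabled, and the trust policy restricts who may assume the role to a single account plus an external ID, which is the standard mitigation against the confused-deputy problem for third-party access. IAM is global, so deploying in us-east-1 as the page states is sufficient for every region you later select for scanning.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example, not the vendor's template: a read-only cross-account role
  for a cloud security scanner, with optional extra policies.

Parameters:
  ScannerAccountId:
    Type: String
    Description: Placeholder. AWS account ID of the scanning service, as issued by the vendor.
    AllowedPattern: "^[0-9]{12}$"
  ExternalId:
    Type: String
    NoEcho: true
    Description: Placeholder. Unique external ID issued by the vendor for this tenant.
    MinLength: 8
  EnableWorkloadScan:
    Type: String
    Default: "false"
    AllowedValues: ["true", "false"]
    Description: Mirrors the "Required policy for Workload Scan" checkbox.
  EnableThreatDetection:
    Type: String
    Default: "false"
    AllowedValues: ["true", "false"]
    Description: Mirrors the "Required policy for Agentless Cloud Threat Detection" checkbox.

Conditions:
  WorkloadScan: !Equals [!Ref EnableWorkloadScan, "true"]
  ThreatDetection: !Equals [!Ref EnableThreatDetection, "true"]

Resources:
  ScannerRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: ExampleCloudScannerRole   # hypothetical name
      # Trust policy: only the scanner's account may assume this role, and only
      # when it presents the agreed external ID.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${ScannerAccountId}:root"
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                sts:ExternalId: !Ref ExternalId
      # Minimum read-only set from the page, plus the optional feature policies.
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/SecurityAudit"
        - "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly"
        - !If [WorkloadScan, "arn:aws:iam::aws:policy/AmazonEC2FullAccess", !Ref "AWS::NoValue"]
        - !If [ThreatDetection, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", !Ref "AWS::NoValue"]

Outputs:
  RoleArn:
    Description: Give this ARN to the scanning service.
    Value: !GetAtt ScannerRole.Arn
```

When you review the vendor's generated template before clicking Create stack, the things to compare against this shape are the principal in the trust policy (a single named account, not `*`), the presence of an `sts:ExternalId` condition, and that the ManagedPolicyArns list contains only the policies for the checkboxes you actually ticked.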
If you prefer to link your account with AWS access and secret keys, click the Manual tab at the top and enter the AWS access key and secret key.
Make sure the IAM user has at least these required policies attached:
SecurityAudit
AWSSSODirectoryReadOnly
AmazonS3ReadOnlyAccess
You can find the instructions in the right-side panel.
Start by giving the account a name. You can use any name; labels help you identify the account. Some examples of labels are: US PROD, Dev server, etc.
Now give your organization a name. An organization is a container in which you can add multiple AWS accounts.
We will only scan the regions you choose here. You can choose specific regions or all regions.
Once done, click Connect account. As soon as the account is added, the scan starts automatically.