How to Onboard AWS Account

Log in to CloudSecOps portal using your credentials.

Once you successfully logged in for the first time. You will be able to see the "Environment" page only under Global Tenant Setting (please refer to the screenshot below).

You will be able to see all of the pages once you add any AWS or Azure account.

Now, hit the marked option to link your AWS account.

There are 2 ways to link an AWS account:

  1. Using CloudFormation Template

  2. Providing Access and Secret Keys

Using CloudFormation Template

Here are some things you should note:

  • Make sure the IAM user you'll use to create the CloudFormation Stack has the following permissions attached - AmazonSNSFullAccess, AWSCloudFormationFullAccess and IAMFullAccess.

  • CloudFormation stack will be created in the region North Virginia(us-east-1).

  • We will be creating one IAM Role with ReadOnlyAccess and SecurityAudit Policy attached.

Step 1: Basic Information

Start with giving it a name.You can give any name for your account. Labels help you to identify the account. Some examples of labels are: US PROD, Dev server, etc.

Step 2: Organization

Now you give your organization a name. An organization is where you can add multiple AWS accounts.

Step 3: Attach the required policies

This is where you need to decide on the policies. You will see 3 checkboxes there:

  1. Minimum required policy: This is the minimum required policy (read-only) we would need to evaluate your resources. We will attach SecurityAudit, AWSSSODirectoryReadOnly policy to get information about your cloud users, policies, resources, and their configurations and Identity store data. This helps us to provide you with CSPM, Compliance, CIEM, Attack-Path-Graph, and more. To check what actions can be performed by CloudDefense if this policy is attached, Click here

  2. Required policy for Workload Scan: CloudDefense.Ai can scan servers in your cloud environment for vulnerabilities, malware etc. To achieve this without slowing down your running workloads, we use side scanning. To enable this feature check this box. Enabling this feature grants us permission to associate AmazonEC2FullAccess to a role which we will create to interact with your account. To check what actions can be performed by CloudDefense if this policy is attached Click here

  3. Required policy for Agentless Cloud Threat Detection: CloudDefense.AI uses AmazonS3ReadOnlyAccess which enables us to detect threats and anomalies in near real-time in your cloud environment without the installation of agents. To enable this feature check this box. To check what actions can be performed by CloudDefense if this policy is attached Click here

Step 4: Choose regions

We will only scan the regions that you choose here. You can choose any specific region or all region.

Step 5: Final Step

Now hit “Create Cloud Formation Template” button. Before that, please make sure. To see details of the CloudFormation policy, click on the hyperlink on this page.

After that:

  • Click check box “I acknowledge that AWS CloudFormation might create IAM resources with custom names.“(Refer to image below)

  • Click create stack button. (Refer to image below)

Manually Providing AWS Access and Secret Keys

Step 1: Provide Access and Secret Keys

If you want to use AWS Access and Secret keys to link your account, you can do so. Click on the manual tab from the top and input the AWS Access key and Secret key.

Make sure that the IAM user has these minimum required policies attached:

  1. SecurityAudit

  2. AWSSSODirectoryReadOnly

  3. AmazonS3ReadOnlyAccess

You can check the instructions from the right side panel.

Step 2: Basic Information

Start with giving it a name.You can give any name for your account. Labels help you to identify the account. Some examples of labels are: US PROD, Dev server, etc.

Step 3: Organization

Now you give your organization a name. An organization is where you can add multiple AWS accounts.

Step 4: Choose regions

We will only scan the regions that you choose here. You can choose any specific region or all region.

Step 5: Accept terms and conditions

Once done click Connect account. Once the account is added, the scan will get automatically started.

NextHow to Onboard Microsoft Azure Account

Last updated