Before you process, please note the following:

• It may take less than 5 minutes to add an AWS Account with the Basic protection level and an additional 5 to 10 minutes to add an AWS Account with the Advanced protection level on Cloudnosys.
• You can only connect one AWS account to one cloud account (with Basic/Advanced protection level) on Cloudnosys, at a time.

Prerequisites #

Before you set up your AWS Cloud Account on Cloudnosys, you need to have:

• An AWS Cloud Account
• A user with a policy that allows admin access to AWS CloudFormation & IAM services

Choose a Protection Level #

1. Navigate to the Cloud Accounts list page from the Setup module.
   
   
2. Click on the Add Account button.
   
   
3. Select AWS as your Cloud Account Provider.
   
   
   
   
4. Give a name to your Cloud Account. Choose a name that will make it easily differentiable if you add more distinct AWS accounts on Cloudnosys.
   
   
   
   
5. Select the Protection Level for your cloud account from the options given. The benefits of both options are outlined under their names.
   
   
   
   
6. Click on the Next button to go to the next step.

Create Roles #

1. If not already logged in to your AWS Account, log in by clicking on the “Login to AWS” button.
   
   
   
   
2. Click on the “Create IAM Roles” button and then wait a bit for a new tab to open.
   
   
   
   
3. If a new tab opens up, then skip to the next step. However, if a new tab does NOT get open up, then it may have gotten blocked by your browser.
   
   
   1. If you use Google Chrome you might see an icon in the Address Bar as shown below:
      
      
      
   2. Click on the Icon. This will display the popover shown below:
      
      
      
   3. Select the “Always allow” option
      
      
      
   4. Click on “Done”.
      
      
   5. Click on the “Create IAM Roles” button again.
      
      
4. In the new tab of AWS that gets opened, scroll down to the bottom of the page.
   
   
   
   
5. Click on the checkbox before the statement “I acknowledge that AWS CloudFormation might create IAM resources with custom names” to mark it.
   
   
   
   
6. Click on the “Create Stack” button. This will initiate the Roles Creation process.
   
   
   

Connect with Cloudnosys #

1. Wait till all the relevant roles are created successfully, as highlighted in the image below:
   
   
   
   
2. From the Output tab, copy the Role ARN created after deploying the CFT.
   
   
   
   
3. Paste it in the “Cloudnosys Role ARN (RoleARN)” field.
   
   
   
   
4. • If you’re adding a Basic Protection Level cloud account then click on “Next” and skip the next section. Go straight to the Testing section.
   • If you’re adding an Advanced Protection Level cloud account then follow the instruction in the next section.
     

Create Stack (for Advanced Protection Level only) #

The only difference between the process of adding an Advanced Protection Level cloud account and a Basic Protection Level cloud account is that of Creating a Stack.

Hence, skip this section if you are adding a Basic Protection Level cloud account.

1. Choose an appropriate region to deploy the Cloudxray Stack in.
   
   
   
   
2. Click on the “Deploy Stack” button and then wait a bit for a new tab to open.
   
   
   
   
3. In the new tab of AWS that gets opened, scroll down to the bottom of the page and click on the “Create Stack” button. A similar process will begin as in the last section.
   
   
   
   
4. Wait for the Stack to get deployed successfully. If you move forward without waiting, you will face an error in the next step.
   
   
5. Click on the checkbox before the statement “I acknowledge that I have deployed the Cloud Formation Template in my account & the creation of resources has been completed” to mark it.
   
   
   
   
6. Click on “Next” to test the connection & add the cloud account.
   

Testing #

Once you are on the Testing step, Cloudnosys will automatically run a few tests to ensure that the Cloud Account is integrated properly with the intended settings.

Once the connection has been established successfully, the “Finish & Run Scan” button will become enabled.

Once you click on the “Finish & Run Scan” button, the CloudEye scan will begin running instantly.

What’s next? #

If you added a Basic Protection Level cloud account, then Cloudnosys will only run the CloudEye scan, i.e. the CSPM scan which will check your cloud account for misconfiguration.

If instead, you added an Advanced Protection Level cloud account, then Cloudnosys will also run the Cloudxray scan right after the CloudEye scan.