Note: It may take up to 15 mins to add your AWS Cloud Account in Cloudnosys.
Before you set up your AWS Cloud Account on Cloudnosys, you need to have:
- An account on Cloudnosys (https://cloudnosys.com/docs/sign-up/)
- An AWS Cloud Account
- Permission to create service accounts
- Permission to deploy stack sets and CFTs
1. Begin Setup
- Navigate to the Cloud Accounts dashboard and click on the Add Account button.
- Select Amazon Web Services from the Select your Cloud Account Provider page.
- Enter a valid string in the AWS Account Name field. You can input any name here.
- Select the regions whose resources you want to protect. If you are not sure, choose Select all (Recommended).
- Click on Next and you’ll see the following page:
- If you already have a Role ARN, then insert Role ARN and skip the next section completely. Otherwise, continue.
2. Get a Role ARN
- For the ARN, log into your AWS console in a new tab or click here to go to your AWS console and then go to IAM.
- Navigate to Roles in the IAM console and click on the Create Role button.
- Select AWS account, check the Another AWS Account button, and check the Require external ID checkbox, as shown in the picture below.
- Navigate back to the Cloudnosys Console tab, and copy the AWS Account ID and External ID.
- Paste them into the Account ID and External ID fields in your AWS console shown above in Step 3. Then click on the Next button.
Note: Do not refresh the Cloudnosys tab at this point, because the External ID changes every time the page is refreshed.
- On the next screen that appears, click on the Create Policy button.
- This will open a new tab with the AWS Create Policy screen. Do NOT close the previous tab yet.
- Navigate back to your Cloudnosys tab and select your desired policy out of the two given policies, by clicking on either of them.
Cloudnosys provides two types of Policies:
– Full Protection Policy (Full-Access) – Provides Remediation [RECOMMENDED]
– Security and Audit Policy (Read-Only) – Does not provide Remediation
- After deciding on the desired policy, click on the corresponding policy’s View Policy button. This will pop open a modal showing the policy in JSON format. Click on the Copy Policy button to copy it.
- Go back to the Create Policy page and paste it into the JSON editor – you can overwrite what is already written there. Then click on the Next: Tags button.
- Click on the Next: Review button.
- On the Review Policy page that appears, enter your Policy name and description, and then click on Create Policy.
- Navigate back to the AWS Console tab where the Create Role page is opened. Refresh the tab.
- Search for the policy you just created and select it. Then click on Next.
- On the next screen, finally, name the role and click on Create Role.
- This creates your IAM Role, generates a Role ARN, and takes you to the Roles page.
- Locate your Role name, click on it, and it will open up your role Summary – displaying your Role ARN near the top of the summary. Copy the Role ARN and then navigate back to the Cloudnosys Console tab.
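The role created in this section trusts another AWS account and requires an external ID. As an added example (not Cloudnosys code), the Python check below audits a role's trust policy JSON for exactly those two properties; the account ID, external ID and sample policies are constructed placeholders.

```python
import json

def _as_list(value):
    # IAM policy fields may hold a single item or a list of items.
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_trust_policy(policy_json, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings = []
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    assume = [s for s in statements
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action", []))]
    if not assume:
        findings.append("no Allow statement for sts:AssumeRole")
    for stmt in assume:
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal")
            continue
        for arn in _as_list(principal.get("AWS", [])):
            if arn not in allowed:
                findings.append(f"unexpected principal: {arn}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive in IAM.
        cond = {key.lower(): value for key, value in cond.items()}
        if cond.get("sts:externalid") != external_id:
            findings.append("sts:ExternalId condition missing or different")
    return findings

def sample_policy(principal, external_id=None):
    # Constructed trust policy in the shape of the IAM console's JSON view.
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal},
            "Action": "sts:AssumeRole"}
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

ACCOUNT_ID = "111122223333"          # constructed placeholder
EXTERNAL_ID = "example-external-id"  # constructed placeholder

if __name__ == "__main__":
    root = f"arn:aws:iam::{ACCOUNT_ID}:root"
    print(audit_trust_policy(sample_policy(root, EXTERNAL_ID), ACCOUNT_ID, EXTERNAL_ID))
    print(audit_trust_policy(sample_policy(root), ACCOUNT_ID, EXTERNAL_ID))
```

A role whose trust policy lacks the external ID condition can be assumed by the trusted account on behalf of any of its customers, which is the confused-deputy case the Require external ID checkbox guards against.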
3. Complete setting up
- Paste the Role ARN into the ARN field shown below.
- Complete the setup by clicking Test Connection and you have set up your AWS Cloud Account!
Congratulations! You’re all set to get insight into the risks & vulnerabilities in your AWS account(s) and protect your environment.
What’s Next…
As you configure your AWS account with Cloudnosys, we highly recommend you implement the following advanced features to get the most comprehensive protection of your environment:
- EagleEye (Real-time threat detection)
- Cloudxray (Malware & OS Scanning)