Note: It may take up to 15 mins to add your AWS Cloud Account in Cloudnosys.
Before you set up your AWS Cloud Account on Cloudnosys, you need to have:
- An account on Cloudnosys (https://cloudnosys.com/docs/sign-up/)
- An AWS Cloud Account
- Permission to create service accounts
- Permission to deploy stack set and CFTs
1. Begin Setup
- Navigate to the Cloud Accounts dashboard and click on the Add Account button.
- Select Amazon Web Services from the Select your Cloud Account Provider page.
- Enter a valid string in the AWS Account Name field. You can input any name here.
- Select the regions whose resources you want to protect. If you are not sure, choose Select all (Recommended).
- Click on Next and you’ll see the following page:
- If you already have a Role ARN, then insert Role ARN and skip the next section completely. Otherwise, continue.
2. Get a Role ARN
- For the ARN, log in to your AWS console in a new tab and go to IAM.
- Navigate to Roles in the IAM console and click on the Create Role button.
- Select AWS account, check the Another AWS Account button and the Require external ID checkbox, as shown in the picture below.
- Navigate back to the Cloudnosys Console tab (as shown in the picture in step 5), copy the AWS Account ID and External ID, and paste them into the Account ID and External ID fields in your AWS console shown above. Then click on the Next button.
Note: Do not refresh the Cloudnosys tab at this point, because the External ID changes every time the page is refreshed.
- On the next screen that appears, click on the Create Policy button.
- This will open a new tab with the AWS Create Policy screen. Do NOT close the previous tab yet.
- Navigate back to your Cloudnosys tab and select your desired policy out of the two given policies, by clicking on either of them.
Cloudnosys provides two types of Policies:
– Full Protection Policy (Full-Access) – Provides Remediation [RECOMMENDED]
– Security and Audit Policy (Read-Only) – Does not provide Remediation
- After deciding on the desired policy, click on the corresponding policy’s View Policy button. This will pop open a modal showing the policy in JSON format. Click on the Copy Policy button to copy it.
- Paste it in the JSON editor of the Create Policy page and then click on the Review Policy button.
- On the Review Policy page that appears, enter your Policy name and description, and then click on Create Policy.
- Navigate back to the AWS Console tab where the Create Role page is opened. Refresh the tab.
- Search for the policy you just created and select it. Then click on Next.
- On the next screen, finally, name the role and click on Create Role.
- This creates your IAM Role, generates a Role ARN, and takes you to the Roles page.
- Locate your Role name, click on it, and it will open up your role Summary – displaying your Role ARN near the top of the summary. Copy the Role ARN and then navigate back to the Cloudnosys Console tab.
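Before pasting the Role ARN, it is worth confirming that the role's trust policy really is limited to the account ID and External ID copied in the steps above. The following check is an added example, not Cloudnosys code; the account ID and External ID in it are constructed placeholders, and the sample policy is constructed in the shape the console generates for "Another AWS account" with "Require external ID".

```python
# Constructed placeholders, not real Cloudnosys identifiers.
VENDOR_ACCOUNT = "111122223333"
EXTERNAL_ID = "example-external-id"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts a bare account ID or an ARN such as arn:aws:iam::<account>:root.
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def audit_trust_policy(policy, vendor_account, external_id):
    """Return findings for a role trust policy; an empty list means it is scoped as intended."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue  # statement does not grant role assumption
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: any AWS principal can assume the role")
            elif _account_of(p) != vendor_account:
                findings.append(f"statement {i}: unexpected trusted account {_account_of(p)}")
        # IAM condition key names are case-insensitive, so compare in lower case.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for k, v in equals.items() if k.lower() == "sts:externalid"]
        if not ids:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(ids[0]) != [external_id]:
            findings.append(f"statement {i}: external ID does not match")
    return findings

def sample_policy(with_external_id=True):
    # Constructed trust policy; drop the condition to model a skipped checkbox.
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT}:root"}}
    if with_external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

if __name__ == "__main__":
    print(audit_trust_policy(sample_policy(), VENDOR_ACCOUNT, EXTERNAL_ID))
    print(audit_trust_policy(sample_policy(False), VENDOR_ACCOUNT, EXTERNAL_ID))
```

To run it against the real role, feed it the JSON returned by `aws iam get-role --role-name <your-role> --query Role.AssumeRolePolicyDocument` together with the Account ID and External ID shown in the Cloudnosys tab.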
3. Complete setting up
- Paste the Role ARN into the ARN field shown below.
- Complete the setup by clicking Test Connection and you have set up your AWS Cloud Account!
Congratulations! You're all set to get insight into the risks & vulnerabilities in your AWS account(s) and protect your environment.
What’s Next…
Now that you have configured your AWS account with Cloudnosys, we highly recommend that you implement the following advanced features to get the most comprehensive protection of your environment:
- EagleEye (Real-time threat detection)
- Cloud Xray (Malware & OS Scanning)