Perform the following steps to connect your AWS account so that its AWS resources can be scanned.
- Log in to the Accurics Console and click New Environment.
- Provide an environment name, select Enterprise Mode, and then click Next.
- Click AWS as the Cloud Provider.
- Select Configure Cloud Scan.
- Provide the Region name of the target AWS account.
- Provide access to your target AWS account using one of the following options.
- Option 1: Role ARN and external ID.
When third parties such as Accurics require access to your organization’s AWS resources, you can use roles to delegate access to them.
With IAM roles, you can grant these third parties access to your AWS resources without sharing your AWS security credentials. Instead, the third party can access your AWS resources by assuming a role that you create in your AWS account.
The role ARN is a unique identifier for the IAM role that can be used to access the target AWS cloud account.
The external ID is optional; whether it is needed depends on how the trust policy is set up for the IAM role. To use an external ID, update the role trust policy with the external ID of your choice. Then, when someone uses the AWS CLI or AWS API to assume that role, they must provide the external ID. For more information, see How to use an external ID when granting access to your AWS resources to a third party.
- Option 2: Authentication via Access key & Secret key:
You can also use your READ ONLY secret key & access key to connect to your target AWS account. Please use the section of the page below to enter your keys. Accurics will keep the credentials secure and in highly encrypted form and follow the highest privacy standards.
- Select a VPC or scan the entire account:
Once you have entered the credentials/role ARN, you can choose to scan a VPC of the AWS account or scan the entire account.
If you would like to select only a VPC, click the “Get List” link to fetch all the VPCs in your target AWS account and select one.
You don’t have to click “Get List” if you want to scan the entire account. Please see below for reference.
- Set up an IAC Repository Scan.
- Select the appropriate compliance policies. The cloud resources will be scanned for violations as per the chosen policy.
- Review the information and click Save.
- Initiate a cloud scan.