Account onboarding

Connect an AWS Account

Connecting an AWS account is a straightforward process that takes less than 3 minutes to set up. We prepared this short youtube video to quickly get you started.

Or you can follow these steps:

  1. To get started, go to https://asecure.cloud and Log in

2. Click on Create account to create a new user profile or Sign in with Google

3. After signing in, click on Dashboard

4. The account onboarding wizard will appear in a pop-up window if it's your first AWS account onboarding.

if you would like to protect multiple accounts, see onboarding an AWS Organization or visit the AWS settings to manually add subsequent AWS accounts.

Ensure to fill the required fields :

  • Enter your AWS Account ID ( ex: 012345678911)

  • Enter a Description for this account ( ex: Dev application account)

  • Select Account Type from the list. Available options are Production, Development, Sandbox, Log Archive, Backup Archive, and Security/Audit

The account type influences the overall security score assigned to an account's assessment. For example, non-encrypted resources will have a lower risk rating for a sandbox account than production).

5. Click Next: Authentication to provide authentication details to access the AWS account

6. In the Authentication Profile window, provide the following information:

  • Profile Name helps distinguish different authentication profiles (if multiple profiles are created)

  • Permissions Template to select the permissions to grant ASecureCloud. Different predefined profiles are available:

    • (Recommended) Read-Only (Managed Policy): Uses managed AWS policies to allow read-only access to AWS services (Only configuration access is allowed)

    • Read-Only (Custom): Customize access by selecting specific AWS services to allow access to

    • Full Permissions (Read/Write): Provides full AWS access to selected services, and can be limited to CloudFormation to ensure ASecureCloud doesn't have direct access to your account

  • Well-Architected Tool Access to select permissions to access the AWS Well-Architected Review service and configured workloads. The following options are available:

    • (Recommended) Read/Write: Provides necessary permissions to retrieve details of existing Well-Architected Review workloads in the AWS account AND upload the results to the AWS account (under the AWS Well-Architected Tool service)

    • Read: Provides necessary permissions to retrieve details of existing Well-Architected Review workloads in the AWS account

    • None: No permissions to if you do not require a Well-Architected Review

This access doesn't affect the capability for performing automated Well-Architected Reviews, but only the ability to retrieve previous Well-Architected Reviews or upload new ones to the AWS account

  • Temporary Access can be selected to restrict access to the AWS environment for a selected number of hours. Afterward, a new authentication profile will have to be created

  • Authentication Method:

    • (Recommended) IAM role

      • IAM Role Name: Provide an IAM role name to be created in the AWS environment

      • An External Id is randomly generated for each account and must be used for additional security

    • Access Keys can be used to manually enter Access Key/Secret Key (and optionally a Session Token in the case of temporary credentials)

The IAM role created allows cross-account access to the ASecureCloud AWS account to perform the security assessment

7. If an IAM Role is selected, there are multiple options to automatically deploy the IAM role into your AWS account:

  • (Recommended) Launch CloudFormation Template to create the role directly in your AWS account and open the CloudFormation service

  • Download Terraform Template to download the Terraform configuration template

  • Download CloudFormation Template to download the CloudFormation configuration template (YAML)

  • Manual Steps to display the steps for manual configuration

Once the IAM role is deployed in the AWS account (or the Access Keys are entered), click on Done, then Next: Scan

8. The final step is to select the regions and services to be included in the security assessment and click on Start Assessment

👏 Congratulations: You have now completed the onboarding process and are ready to review your assessment results. This can take 10-15 mins depending on your account size.

Last updated