Managed AWS Accounts
Use this menu to add new AWS accounts or update existing ones. The Managed AWS Accounts table shows the following details and actions:
- Account Id
- Account Type, which defines the type of environment assigned to the account (e.g. Production, Development, etc.)
- Authentication Profiles, which specify the authentication credentials for accessing the AWS account
- Assessments, which shows a high-level summary of the most recent date an assessment was run and whether automated assessments have been configured
- Actions, which include deleting the account and editing its settings
An authentication profile specifies the credentials for accessing an AWS account, and multiple authentication profiles can be associated with one AWS account. The following options are available for accessing an AWS account:
- IAM Role (Recommended)
- Access Keys
You can edit existing authentication profiles by clicking on the profile's name under the Managed AWS Accounts table, or you can create new ones by clicking on Add Auth Profile.
When creating a new authentication profile, you can select from a number of preset permission profiles that determine the level of access to the AWS account. The default and recommended option is Read-Only (Managed Policy).
To update an existing account's settings, click on the
The following settings can be updated:
- Account Type to define the type of environment (Production, Development, etc.)
Select the account type property with care as the security engine uses this input to calculate the risk score and to prioritize certain findings.
- Automated Assessments runs assessments automatically on a schedule and lets you configure which regions are included in the automated scans
- Share Assessment Results can be used to enable sharing of assessment results between ASecureCloud users
To set up automated security assessments on a predefined schedule, navigate to AWS Settings > Accounts and click on the Edit icon for the Account Id.
Only accounts covered by an Ongoing Subscriptions License can be configured for automated assessments.
Check the option to Enable Automated Assessments and select the schedule as well as the AWS regions to include in the automated assessment.
It's good practice to limit the assessed regions to only the ones in use for faster scan time. We recommend using Service Control Policies to block the use of unauthorized AWS regions.
Once that is configured, you can select the users to share assessment results with for this account.
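The region recommendation above can be checked mechanically. This added example (not ASecureCloud's or AWS's own code) builds a region-restricting Service Control Policy with the `aws:RequestedRegion` condition key and compares its allowlist with the regions selected for automated assessment; the region names, the exempt-service list and the function names are assumptions.

```python
import json

# Constructed sample: regions this organization actually uses.
ALLOWED_REGIONS = ["eu-west-1", "us-east-1"]
# Global services must stay exempt from the region check (illustrative subset).
GLOBAL_ACTIONS = ["cloudfront:*", "iam:*", "organizations:*", "route53:*", "sts:*", "support:*"]


def build_region_deny_scp(allowed_regions, exempt_actions=GLOBAL_ACTIONS):
    """Return an SCP document that denies requests outside allowed_regions."""
    if not allowed_regions:
        raise ValueError("refusing to build an SCP that denies every region")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            "NotAction": sorted(exempt_actions),
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": sorted(allowed_regions)}},
        }],
    }


def allowed_regions_from_scp(scp):
    """Collect the region allowlist from Deny statements keyed on aws:RequestedRegion."""
    regions = set()
    for stmt in scp["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        value = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:RequestedRegion", [])
        regions.update([value] if isinstance(value, str) else value)
    return regions


def compare_scan_scope(scp, assessed_regions):
    """Compare the regions selected for automated assessment with the SCP allowlist."""
    allowed, assessed = allowed_regions_from_scp(scp), set(assessed_regions)
    return {
        "unscanned": sorted(allowed - assessed),  # usable regions that are never assessed
        "redundant": sorted(assessed - allowed),  # denied by the SCP, only lengthen the scan
    }


if __name__ == "__main__":
    scp = build_region_deny_scp(ALLOWED_REGIONS)
    print(json.dumps(scp, indent=2))
    print(compare_scan_scope(scp, ["us-east-1", "us-west-2"]))
```

Service Control Policies do not apply to the organization's management account, so keep that account's regions in the assessment scope regardless of the allowlist.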
To delete an AWS account, click on the delete icon for that account. A warning is displayed to confirm the action before finalizing the removal.
Assessment results are not deleted when an AWS account is removed. Assessment results and scan data can be removed under the Assessments tab.