Managed AWS Accounts

Use this menu to add new AWS accounts or update existing ones. The Managed AWS Accounts table shows the following details and actions:

  • Account Id

  • Description

  • Account Type, which defines the type of environment assigned to the account (e.g. Production, Development)

  • Authentication Profiles, which specify the authentication credentials for accessing the AWS account

  • Assessments, which shows a high-level summary: the most recent date an assessment was run, and whether automated assessments have been configured

  • Actions, which include deleting and editing account settings

Authentication Profiles

An authentication profile specifies the credentials for accessing an AWS account, and multiple authentication profiles can be associated with one AWS account. The following options are available for accessing an AWS account:

  • IAM Role (Recommended)

  • Access Keys

You can edit existing authentication profiles by clicking on the profile's name under the Managed AWS Accounts table, or you can create new ones by clicking on Add Auth Profile.

When creating a new authentication profile, you can select from a number of preset permission profiles that determine the level of access to the AWS account. The default and recommended option is Read-Only (Managed Policy).

Update an existing account

The following settings can be updated:

  • Description

  • Account Type to define the type of environment (Production, Development, etc.)

Select the account type property with care as the security engine uses this input to calculate the risk score and to prioritize certain findings.

  • Automated Assessments allows running assessments automatically on a schedule and configuring which regions are included in the automated scans

  • Share Assessment Results can be used to enable sharing of assessment results between ASecureCloud users

Automated Assessments

To set up automated security assessments on a predefined schedule, navigate to AWS Settings > Accounts and click the Edit icon for the Account Id.

Only accounts covered by an Ongoing Subscriptions License can be set to Automated Assessments.

Check the option to Enable Automated Assessments and select the schedule as well as the AWS regions to include in the automated assessment.

It's good practice to limit the assessed regions to only those in use, which shortens scan time. We recommend using Service Control Policies to restrict the use of unauthorized AWS regions.
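The Service Control Policy recommendation above can be sketched as follows. This is an added example, not ASecureCloud's own code: it builds a region-restriction SCP with the `aws:RequestedRegion` condition key and checks constructed sample requests against it before deployment. The region list, the exempted global services, and the simplified local evaluator are assumptions to adapt.

```python
import fnmatch
import json

# Assumption: regions in use for this account; keep this aligned with the
# regions selected for the automated assessment.
ALLOWED_REGIONS = ["us-east-1", "eu-west-1"]

# Assumption: global services that must stay exempt from the region check;
# extend this list to match the services the organization uses.
GLOBAL_SERVICE_ACTIONS = ["iam:*", "organizations:*", "sts:*",
                          "cloudfront:*", "route53:*", "support:*"]


def build_region_deny_scp(allowed_regions, exempt_actions):
    """Return an SCP that denies every non-exempt action outside allowed_regions."""
    if not allowed_regions:
        raise ValueError("refusing to build an SCP that denies every region")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            "NotAction": sorted(exempt_actions),
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": sorted(allowed_regions)}},
        }],
    }


def is_denied(scp, action, region):
    """Simplified local check of the Deny statement shape built above (not AWS's engine)."""
    for stmt in scp["Statement"]:
        exempt = any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in stmt["NotAction"])
        allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        if stmt["Effect"] == "Deny" and not exempt and region not in allowed:
            return True
    return False


if __name__ == "__main__":
    scp = build_region_deny_scp(ALLOWED_REGIONS, GLOBAL_SERVICE_ACTIONS)
    print(json.dumps(scp, indent=2))
    # Constructed sample requests: (action, region)
    for action, region in [("ec2:RunInstances", "ap-southeast-2"),
                           ("ec2:RunInstances", "eu-west-1"),
                           ("iam:CreateRole", "ap-southeast-2")]:
        print(action, region, "DENY" if is_denied(scp, action, region) else "not denied by SCP")
```

An SCP only sets a permission ceiling: a request it does not deny still needs an IAM policy that allows it.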

Share Assessment Results

You can share your assessment with other ASecureCloud users by enabling this feature. First, you will need to Configure Sharing under Profile > User Settings.

Once that is configured, you can select the users to share assessment results with for this account.

Delete an account

Assessment results are not deleted when an AWS account is removed. Assessment results and scan data can be removed under the Assessments tab.
