AWS Onboarding Guide

Updated 6 months ago by admin

This feature is in Early Access preview.

This guide provides the steps you need to follow in order to onboard Microsoft 365 accounts onto the Posture Management service.

This article will guide you through the following steps:

  • Prepare the IAM policy that grants Read-Only permissions to Posture Management to access your AWS account for information about resources. 
  • Create an IAM Role that Posture Management can use to access your environment. This IAM Role should have the IAM permission configured in the previous step. To monitor the Amazon S3 service, the created IAM Role should have the AmazonS3ReadOnlyAccess policy assigned.
 You will need to be an Administrator of the AWS account, or have sufficient admin privileges, to perform these steps
  1. Navigate to Identity and Access Management (IAM)UsersCreate user
  2. On the Specify user details tab, enter a user name, e.g. Posture Management User, and click Next
  1. Click the Create group
  2. Enter a new User Group name e.g. PostureManagementGroup
  3. In the Filter by Type drop-down list, select AWS managed - job functions
  4. In the Search field, enter ReadOnlyAccess, and select this policy
  1. Click Create user group
  2. On the Set permissions tab, select the PostureManagementGroup and click the Next button
  1. On the Review and create tab, click the Create user button
  2. In the opened Users list, select the Posture Management User
  1. On the opened Summary page, click the Create access key button
  1. Create an Access key for the Posture Management User. On the Access key best practices & alternatives tab, select the Command Line Interface (CLI) option and click the Next button
  1. Add a description for the access key (optional) and click the Create access key button
  2. On the Retrieve access keys tab, copy the Access key and the Secret access key values (or download them into a CSV file)
  1. Log in to the USS Dashboard and navigate to Products -> Posture Management.
  2. The Posture Management dashboard will open in a new tab. From the top ribbon, select Service Integration and then +
  1. From the existing service providers list, select Amazon Web Services.
  1. In the opened window, enter the Access Key and Secret Key from Step 14
  2. Click Add
  3. Click Scan Now to begin scanning the application immediately, or wait for it to automatically scan on a daily basis
  4. One the first scan has finished you will be able to view the results in the Charts and Activity report tabs

How did we do?