AWS Onboarding Guide

The purpose of this document is to outline how the Cloudneeti application integrates with the customer’s AWS accounts, the required preparations and prerequisites, and the specific onboarding steps.

Follow these steps to onboard the AWS account:

# | Step | Portal
1 | Prerequisites |
2 | Create an AWS role for Cloudneeti access | PowerShell or AWS Portal
3 | Add your AWS Account to Cloudneeti | Cloudneeti application portal
4 | Verify Data Collection | Cloudneeti application portal
5 | Notification Configuration | Cloudneeti application portal

1. Prerequisites

Upon customer request, Cloudneeti license(s) will be configured and email invitation(s) will be sent to License Administrator(s). Additional users within Cloudneeti applications will be provisioned by the customer’s License Administrator.

The following activities need to be completed by the customer prior to onboarding.

1.1 Users and Roles

1. Engage an AWS account user with the Administrator Access role
   The customer’s AWS administrator must have enough permissions to create a role as a trusted entity with the SecurityAudit access policy.
2. Have the AWS account id handy
   This is a mandatory field for onboarding an AWS account to Cloudneeti.

    1. Sign into your AWS account.
    2. Click your name located on the top right navigation pane.
    3. Select “My Account”.
    4. Your AWS ID is the twelve-digit number located underneath the Account Settings section.
3. Have Cloudneeti's AWS account id
   This is a mandatory field to create a role as a trusted entity with the SecurityAudit access policy. Please contact the Cloudneeti Team.
4. Have the AWS account access key id and secret handy
   This is a mandatory field for onboarding an AWS account to Cloudneeti.

    1. Sign into your AWS account.
    2. Click your name located on the top right navigation pane.
    3. Select “My Security Credentials”.
    4. The access key id is under the section “Access keys for CLI, SDK, & API access”. If the access key secret was not recorded when this id was created, create a new access key by clicking on the “Create access key” button.

1.2 Workstation readiness

The prerequisites listed below are required only if the automation script is used to create a role in the AWS account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.

1. Download and review the “serverless.yml” file for creation of the role
   A YAML template is used to create a role in the AWS account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy. Download Link.
2. Workstation: Ensure you have the latest PowerShell version (v5 and above)
   Verify the PowerShell version by running the command below on the workstation where you will execute commands to add a role.

    $PSVersionTable.PSVersion

   If the PowerShell version is lower than 5, follow this link to install a later version: Download Link.
3. Workstation: Install AWS Command Line Interface
   To install the AWS CLI, follow link. The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services.
4. Workstation: Install Nodejs
   Download the latest stable version of nodejs from here and install it on the workstation.
5. Workstation: Install serverless npm module
   Serverless Framework is a CLI tool to manage AWS deployments. Execute the command below to install the serverless module:

    npm install -g serverless

2. Create an AWS role for Cloudneeti access

2.1 Manual

  1. Login to AWS portal with AWS administrator access role.
  2. Navigate to Services > IAM > Roles
  3. Click on "Create Role" button
  4. Select "Another AWS account" and enter details like

    a. Enter Cloudneeti's Account ID and click on Next button
    b. Attach policy permission "SecurityAudit" and click on Next button
    c. Adding tags is optional, click Next
    d. Enter details like Role Name, Role description
    e. Click on "Create role"

  5. An AWS role will be created in the customer's account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.

2.2 Automated

Use serverless.yml file to create a role to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.

  1. Open PowerShell application as an administrator (right click on PowerShell and select run as administrator)
  2. In PowerShell application, navigate to folder location where you downloaded the file “serverless.yml” (e.g. “cd C:\Downloads”)
  3. Type “aws configure” and enter

    a. Account access key id and secret access key of an AWS IAM User (with Administrator Access policy)

    b. Default region name (e.g. us-east-1).

    c. Default output format as "json" only.

  4. To add the Cloudneeti data provisioning resource, execute the command below

    serverless deploy

  5. An AWS role will be created in the customer's account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.
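
A check to run after either path in section 2, as an added example that is not part of the Cloudneeti guide or its serverless.yml: it confirms that the role trusts only the expected account and carries only the SecurityAudit managed policy. The function name, the account IDs and the sample JSON are constructed; the JSON follows the output shape of "aws iam get-role" and "aws iam list-attached-role-policies".

```powershell
# Added example. Account IDs and sample JSON are constructed placeholders.
function Test-AuditRole {
    param(
        [Parameter(Mandatory)] [string] $RoleJson,      # aws iam get-role
        [Parameter(Mandatory)] [string] $AttachedJson,  # aws iam list-attached-role-policies
        [Parameter(Mandatory)] [string] $TrustedAccountId
    )
    $auditArn = 'arn:aws:iam::aws:policy/SecurityAudit'
    $expected = @("arn:aws:iam::${TrustedAccountId}:root", $TrustedAccountId)
    $findings = @()

    # Every Allow statement in the trust policy must name only the expected account.
    $trust = ($RoleJson | ConvertFrom-Json).Role.AssumeRolePolicyDocument
    foreach ($stmt in @($trust.Statement)) {
        if ($stmt.Effect -ne 'Allow') { continue }
        if ($stmt.Principal -is [string]) {   # e.g. "Principal": "*"
            $findings += "Trust policy allows principal '$($stmt.Principal)'"
            continue
        }
        foreach ($prop in $stmt.Principal.PSObject.Properties) {
            foreach ($p in @($prop.Value)) {  # value may be a string or an array
                if ($prop.Name -ne 'AWS' -or $expected -notcontains $p) {
                    $findings += "Unexpected trusted principal: $($prop.Name)=$p"
                }
            }
        }
    }

    # SecurityAudit must be attached, and nothing else.
    $attached = @(($AttachedJson | ConvertFrom-Json).AttachedPolicies |
        ForEach-Object { $_.PolicyArn })
    if ($attached -notcontains $auditArn) { $findings += 'SecurityAudit is not attached' }
    foreach ($arn in $attached) {
        if ($arn -ne $auditArn) { $findings += "Extra managed policy attached: $arn" }
    }
    return $findings
}

# Constructed sample: a role that trusts a second account and carries an extra policy.
$role = @'
{"Role":{"AssumeRolePolicyDocument":{"Statement":[{"Effect":"Allow","Action":"sts:AssumeRole",
 "Principal":{"AWS":["arn:aws:iam::111122223333:root","arn:aws:iam::999999999999:root"]}}]}}}
'@
$attachedPolicies = @'
{"AttachedPolicies":[{"PolicyName":"SecurityAudit","PolicyArn":"arn:aws:iam::aws:policy/SecurityAudit"},
 {"PolicyName":"AdministratorAccess","PolicyArn":"arn:aws:iam::aws:policy/AdministratorAccess"}]}
'@
Test-AuditRole -RoleJson $role -AttachedJson $attachedPolicies -TrustedAccountId '111122223333'
```

Against a live account, pass the output of each AWS CLI command piped through Out-String in place of the sample strings; an empty result means no findings. Inline policies on the role are not covered by this check.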

3 Add your AWS Account to Cloudneeti

  1. Log in to the Cloudneeti portal using the license admin user credentials.
  2. If the license is not activated, click on the ‘Activate License’ button to activate the license. This step is needed if this is the first cloud account you are adding to the License.

    OR

    If the license is already activated,

    a. Go to Settings > Manage Accounts on the Cloudneeti portal

    b. Click on the "Add Cloud Account" button

    c. Select the License to add the cloud account to

  3. Select AWS connector.

  4. Enter the details: Account Name and AWS Account Id.

  5. Click on ‘Add Account’.

4 Verify Data Collection

  1. Click on ‘Go To Dashboard’ to see the data.

  2. Wait approximately 5 minutes for the data to be collected, processed, and rendered to the Cloudneeti Dashboard.

Congratulations! You have just on-boarded an AWS account to Cloudneeti. Subsequent onboardings will take less time (usually less than 10 minutes).

5 Notification Configuration

Scan notifications allow a cloud account user to subscribe to changes in security posture. To receive email notifications on a scan from the Cloudneeti Bot, follow these steps.

  1. On Cloudneeti portal, navigate to settings

  2. Select desired License and Account

  3. Click on configure button to select “Configure Notifications”

  4. Enter comma separated email addresses.

  5. Click on save button.