AWS Onboarding Guide
The purpose of this document is to outline the concept of Cloudneeti application integration with the customer’s Amazon Web Services (AWS) accounts, the required preparations and prerequisites, and the specific onboarding steps.
Follow these steps to onboard the AWS account:
|2||Create an AWS role for Cloudneeti access||PowerShell or AWS Portal|
|3||Add your AWS Account to Cloudneeti||Cloudneeti application portal|
|4||Verify Data Collection||Cloudneeti application portal|
|5||Notification Configuration||Cloudneeti application portal|
Upon customer request, Cloudneeti license(s) will be configured and email invitation(s) will be sent to License Administrator(s). Additional users within Cloudneeti applications will be provisioned by the customer’s License Administrator.
The following activities need to be completed by the customer prior to onboarding.
1.1 Users and Roles
|1. Engage an AWS account user with the Administrator Access role||The customer’s AWS administrator must have enough permissions to create a role as a trusted entity with the SecurityAudit access policy.|
|2. Have the AWS account id handy||This is a mandatory field for onboarding an AWS account to Cloudneeti.
1. Sign into your AWS account
2. Click your name located on the top right navigation pane.
3. Select “My Account”.
4. Your AWS ID is the twelve-digit number located underneath the Account Settings section.
|3. Have Cloudneeti's AWS account id||This is a mandatory field to create a role as a trusted entity with the SecurityAudit access policy.
Please contact Cloudneeti Team.
|4. Have the AWS account access key id and secret handy||This is a mandatory field for onboarding an AWS account to Cloudneeti.
1. Sign into your AWS account
2. Click your name located on the top right navigation pane.
3. Select “My Security Credentials”.
4. The access key id is under the section “Access keys for CLI, SDK, & API access”. If the access key secret was not recorded when this id was created, please create a new access key by clicking on the “Create access key” button.
1.2 Workstation readiness
The prerequisites listed below are required only if the automation script is used to create a role in the AWS account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.
|1. Download and review “serverless.yml” file for creation of role||A YAML template is used to create a role in AWS account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy. Download Link.|
|2. Workstation: Ensure you have the latest PowerShell version (v5 and above)||Verify PowerShell version by running the below command on the workstation where you will execute commands to add a role.
If the PowerShell version is lower than 5, then follow this link for installation of a later version: Download Link.
|3. Workstation: Install AWS Command Line Interface||To install the AWS CLI, follow link
AWS Command Line Interface (CLI) is a unified tool to manage your AWS services.
|4. Workstation: Install Nodejs||Download latest stable version of nodejs from here and install on the workstation.|
|5. Workstation: Install serverless npm module||Serverless Framework is a CLI tool to manage AWS deployments.
Execute the command below to install the serverless module:
npm install -g serverless
2. Create an AWS role for Cloudneeti access
- Login to AWS portal with AWS administrator access role.
- Navigate to Services > IAM > Roles
- Click on "Create Role" button
Select "Another AWS account" and enter details like
a. Enter Cloudneeti's Account ID and click on Next button
b. Attach policy permission "SecurityAudit" and click on Next button
c. Adding tags is optional, click Next
d. Enter details like Role Name, Role description
e. Click on "Create role"
An AWS role will be created in the customer's account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.
Use serverless.yml file to create a role to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.
- Open PowerShell application as an administrator (right click on PowerShell and select run as administrator)
- In PowerShell application, navigate to folder location where you downloaded the file “serverless.yml” (e.g. “cd C:\Downloads”)
Type “aws configure” and enter
a. Account access key id and secret access key of an AWS IAM User (with Administrator Access policy)
b. Default region name (e.g. us-east-1).
c. Default output format as "json" only.
To add Cloudneeti data provisioning resource, execute below command
- An AWS role will be created in the customer's account to mark Cloudneeti's account as a trusted entity with the SecurityAudit access policy.
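A way to check the result of either method in this section, as an added example that is not part of Cloudneeti's scripts or documentation: the PowerShell function below reports any trusted principal other than the expected account and any policy other than SecurityAudit on the role. The account id `111122223333`, the sample JSON and the function name `Get-RoleFindings` are constructed for illustration, and `<role-name>` is a placeholder.

```powershell
# Added example, not Cloudneeti code. Account ids and sample data are constructed.
$TrustedAccountId = '111122223333'   # placeholder for Cloudneeti's AWS account id
$ExpectedPolicy   = 'arn:aws:iam::aws:policy/SecurityAudit'

function Get-RoleFindings {
    param($TrustPolicy, [string[]]$AttachedArns, [string[]]$InlineNames, [string]$AccountId)
    # An account principal is shown either as the root ARN or as the bare 12-digit id.
    $ok = @("arn:aws:iam::${AccountId}:root", $AccountId)
    $findings = @()
    foreach ($s in @($TrustPolicy.Statement)) {
        if ($s.Effect -ne 'Allow') { continue }
        if ($s.Principal -is [string]) {     # a bare string principal such as "*"
            $findings += "Trust policy principal '$($s.Principal)' is not scoped to an account"
            continue
        }
        # Principal is an object: keys are AWS, Service, Federated; values are a string or a list.
        foreach ($p in $s.Principal.PSObject.Properties) {
            foreach ($v in @($p.Value)) {
                if ($p.Name -ne 'AWS' -or $ok -notcontains $v) {
                    $findings += "Unexpected trusted principal $($p.Name): $v"
                }
            }
        }
    }
    foreach ($arn in $AttachedArns) {
        if ($arn -ne $ExpectedPolicy) { $findings += "Extra managed policy attached: $arn" }
    }
    if ($AttachedArns -notcontains $ExpectedPolicy) { $findings += 'SecurityAudit is not attached' }
    foreach ($n in $InlineNames) { $findings += "Inline policy present: $n" }
    $findings
}

# Constructed sample in the shape `aws iam get-role` returns under Role.AssumeRolePolicyDocument.
$sample = @'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole",
 "Principal":{"AWS":["arn:aws:iam::111122223333:root","arn:aws:iam::999999999999:root"]}}]}
'@ | ConvertFrom-Json
Get-RoleFindings -TrustPolicy $sample -InlineNames @() -AccountId $TrustedAccountId `
    -AttachedArns @($ExpectedPolicy, 'arn:aws:iam::aws:policy/ReadOnlyAccess')

# Against a live account, after "aws configure":
# $r = aws iam get-role --role-name '<role-name>' --output json | Out-String | ConvertFrom-Json
# $a = aws iam list-attached-role-policies --role-name '<role-name>' --output json | Out-String | ConvertFrom-Json
# $i = aws iam list-role-policies --role-name '<role-name>' --output json | Out-String | ConvertFrom-Json
# Get-RoleFindings -TrustPolicy $r.Role.AssumeRolePolicyDocument -AccountId $TrustedAccountId `
#     -AttachedArns $a.AttachedPolicies.PolicyArn -InlineNames $i.PolicyNames
```

An empty result means the role trusts only the expected account and carries only SecurityAudit; the check does not evaluate `Condition` blocks in the trust policy.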
3 Add your AWS Account to Cloudneeti
- Log in to the Cloudneeti portal using the license admin user credentials.
If the license is not activated, click on the ‘Activate License’ button to activate the license. This step is needed if this is the first cloud account you are adding to the License.
If the license is already activated,
a. Please go to Settings > Manage Accounts on Cloudneeti portal
b. Click on "Add Cloud Account" button
c. Select License to add cloud account
Select AWS connector.
Enter details Account Name, AWS Account Id
Click on ‘Add Account’.
4 Verify Data Collection
Click on ‘Go To Dashboard’ to see the data.
2. Wait approx. 5 minutes for the data to be collected, processed, and rendered to the Cloudneeti Dashboard.
Congratulations! You have just on-boarded an AWS account to Cloudneeti. Subsequent onboardings will take less time (usually less than 10 minutes).
5 Notification Configuration
Scan notifications allow a cloud account user to subscribe to changes in security posture. To receive email notifications on a scan from Cloudneeti Bot, please follow these steps.
On the Cloudneeti portal, navigate to Settings
Select desired License and Account
Click on configure button to select “Configure Notifications”
Enter comma separated email addresses.
Click on save button.