This page covers the first-time user experience for installing and configuring Access Explorer. It walks you through the process and components (required and optional) necessary to set up Access Explorer.
To ensure you can complete the installation process we recommend that you gather all of the requirements and verify these details before you start.
If this is not your first time setting up Access Explorer, you can skip over to Access Explorer - Configuration and Settings for specific details on configuration and settings.
While most of the steps included in the setup are optional and can be skipped or configured later, we recommend completing all of these steps to provide the best overall user experience. The more data you provide, the more useful the tool will be. You will have better context, relationship data, and understanding around your cloud IAM configurations
Cloud IAM Governance typically relies on the same infrastructure requirements as the main InsightCloudSec platform. If you are concerned about performance for your individual environment we are happy to work with you directly to make recommendations, reach out to us via [email protected], otherwise refer to details on our Product Architecture page.
- An InsightCloudSec platform installation with administrative permissions
- At least one AWS cloud connected to InsightCloudSec
- For instructions on adding a cloud account to your InsightCloudSec platform refer to our Cloud Account Setup page
- Details on your Tagging or Name strategy to define your applications
- To complete the optional steps for configuring CMDB and EIAM you will need the following:
- A list of principals you want to exclude from your configuration (optional)
Users launching Access Explorer for the first time users will be met with a guided "Getting Started with Access Explorer" process. This process walks through the required and optional steps to complete the setup and configuration for Access Explorer.
Note: While only "Step 1 - Choose Cloud Accounts to Whitelist" and building the cache are required to complete the setup, we strongly recommend completing the optional steps to provide a better experience.
In this step you will select the cloud accounts (currently AWS) that you have connected to your InsightCloudSec platform to include for analysis in Access Explorer.
- Refer to Cloud Account Setup for instructions on connecting additional cloud accounts to InsightCloudSec
- Check out Access Explorer - Configuration and Settings for details on Account Whitelisting.
In this optional step you can define rules to create applications. By understanding your tagging or naming schema, we can dynamically group resources in Application Groups.
- Refer to the complete documentation on [Configuring Application Groups].(doc:access-explorer-configuration-and-settings#configuring-application-groups)
- Add as many rules as you want to include.
- Select "Save Application Group" to save your application and reset the form. This will allow you to create a new application. (Note: You can also add applications after you complete the initial setup.)
- To verify that your rules are working as intended click "Test Group Rule," which will provide a list of resources that match (including a count) each rule provided.
In this optional step, users provide their CMDB settings in a CSV file. There are two options to share the CSV file: You can upload the file or point to an AWS S3 bucket to fetch the file.
- Refer to the Configuring CMDB documentation for the complete details on this step (file format requirements and details for both options).
- Review the details on the required CSV file here.
In this optional step, users provide their EIAM settings in a JSON file. There are two options to share the JSON file: You can upload the file or point to an AWS S3 bucket to fetch the file.
- Refer to the Configuring EIAM documentation for the complete details on this step.
- Review the details on the required JSON file here.
In this optional step, you can choose to define principals that you would like the analyzer to ignore. By excluding principals like IAM superusers or other users that have extensive permissions you can reduce your cache build time.
- Select "Add Role" to specify a Principal you would like to add to the ignore list.
- Click the "test" option for any role to see a list of matches before adding it to your list.
To revise the list of principals after the setup is complete you can visit the settings in Access Explorer. Read more about those on the Access Explorer - Configuration and Settings page.
When you have added all of the details you want to include for your Access Explorer installation, select the "Finish Setup & Start Cache Build" button to complete the setup process.
If everything has been added correctly, you will receive the following confirmation.
Once you have completed your initial setup for Access Explorer, after the cache-building process completes, your installation will be ready to use.
From your InsightCloudSec platform, navigate to "Security --> Access Explorer" and select "Access Explorer."
You can also check out the Using Access Explorer - Feature Guide for details on using the Cloud IAM Governance via Access Explorer.
For instructions on configuring any of the components included in the initial setup process outside of this guided setup, check out the Access Explorer - Configuration and Settings documentation.
Updated 15 days ago