This page illustrates the step-by-step process for adding cloud accounts. While this process can be used to add multiple cloud accounts, we recommend the following links for adding cloud accounts in bulk:
- For GCP, access Organizations (GCP)
- For AWS, access Organizations (AWS)
- For Azure, access Organizations (Azure)
- For AliCloud, Oracle (OCI), and other providers or scenarios, reach out to us through the Customer Support Portal.
Otherwise, after InsightCloudSec is installed/deployed, the next part of your setup is to connect your cloud account(s).
Other Provider Examples
Before getting started you will need the following:
- A functioning InsightCloudSec platform installation
- InsightCloudSec Domain Admin credentials
- Account credentials for the cloud accounts you want to add
- For example, with AWS using an STS Assume Role you would need your account ID, API, secret key, role ARN, and external ID, as shown below.
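Before entering the STS Assume Role values in the form, it can help to confirm that they agree with each other and with the role's trust policy. The following pre-flight check is an added example, not InsightCloudSec code; it assumes the role lives in the account being added, that the trust policy matches the external ID with `StringEquals`, and all account IDs, role names and external IDs in it are constructed.

```python
import re

# Assumption: the role being assumed lives in the account that is being added.
ROLE_ARN = re.compile(r"arn:aws[\w-]*:iam::(\d{12}):role/[\w+=,.@/-]+", re.ASCII)
EXTERNAL_ID = re.compile(r"[\w+=,.@:/-]{2,1224}", re.ASCII)


def as_list(value):
    return value if isinstance(value, list) else [value]


def check_assume_role_inputs(account_id, role_arn, external_id, trust_policy):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []
    if not re.fullmatch(r"\d{12}", account_id, re.ASCII):
        problems.append("account ID must be 12 digits")
    arn = ROLE_ARN.fullmatch(role_arn)
    if not arn:
        problems.append("role ARN is not an IAM role ARN")
    elif arn.group(1) != account_id:
        problems.append("role ARN belongs to a different account")
    if not EXTERNAL_ID.fullmatch(external_id):
        problems.append("external ID has invalid length or characters")
    # The trust policy should allow sts:AssumeRole only to a named principal
    # that presents this exact external ID (confused-deputy protection).
    allows = [s for s in as_list(trust_policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in as_list(s.get("Action"))]
    if not allows:
        problems.append("trust policy has no Allow for sts:AssumeRole")
    for stmt in allows:
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in as_list(aws):
            problems.append("trust policy principal is a wildcard")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if external_id not in as_list(cond.get("sts:ExternalId")):
            problems.append("trust policy does not require this external ID")
    return problems


# Constructed sample values, not taken from any real account.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-0001"}}}]}

if __name__ == "__main__":
    print(check_assume_role_inputs("123456789012",
          "arn:aws:iam::123456789012:role/ExampleHarvestRole",
          "example-external-id-0001", SAMPLE_POLICY))
```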
Whether you are connecting your first cloud account or adding a new cloud account, the process is the same. The "Clouds" screen displays for new users with no cloud accounts and can be accessed through the main navigation from "Cloud --> Clouds", where you can select the "Add Cloud" button on the landing screen or in the upper-right corner.
1. Select your cloud service provider from the available options. If you don't see your provider on the initial screen, click "See More" to expand the full list.
- Contact us through the Customer Support Portal.
2. Fill in the details for your specific cloud account.
- You will need your account credentials as specified in the prerequisites.
- Note: For AWS and Azure you will need to specify your authentication type.
For this example we selected STS Assume Role. Once you have completed filling in the fields, click the "Add Cloud" button.
3. For organizations with alternative Harvesting Strategies, the option to select a specific Harvesting Strategy will be available in the Account Details form.
- For organizations without alternative strategies, the default provider strategy will be applied and no optional selection is displayed.
4. For AWS and GCP you will be able to complete an optional validation step. The validation feature allows you to check permissions for your connected cloud resources.
- Click "Validate" to complete this step, or skip it and continue to adding Cloud Badges (also optional), select "Add Another Cloud," or select "Finished, Go To Clouds" if you are done.
To use the validation feature, you will need to have the following AWS permission enabled:
5. If you select the "Validate" button and permissions (either missing or misconfigured) prevent InsightCloudSec from gaining access to a specific resource, a "View Missing Permissions" button will display.
- Note: For users adding an OCI Cloud, the validate capability is not currently supported.
6. Clicking the "View Missing Permissions" button will launch the "Missing Permissions" window that provides details on the resources: a description of the resource and the specific permissions that are missing.
- The "Copy To Clipboard" option will enable you to save this information to share with internal support or to reference later.
Missing Permissions - Visibility Issues
Missing permissions do not impact the addition of your cloud. Your cloud account will still be added and will initiate the harvesting of resources to view and administer in InsightCloudSec.
You can review issues around resource visibility on the main Clouds page after you've connected your cloud account(s).
7. After addressing any optional validation, you can also add Badges.
- Badges work as key:value pairs and are a useful way to organize your cloud accounts.
- Click "Save Badges" for any badges you want to include.
8. To add an additional cloud, select "Add Another Cloud." If you have added all of your accounts, select "Finished, Go To Clouds."