Cloud Account Setup

Instructions on Connecting Your Cloud Accounts to InsightCloudSec

The page illustrates the step-by-step process for adding cloud accounts. While this process can be used to add multiple cloud accounts, we recommend the following links for adding bulk cloud accounts:

Otherwise, after InsightCloudSec is installed/deployed the next part of your setup will be to connect your cloud account(s).


Other Provider Examples

While this example uses AWS, variations of these instructions are also included in the setup and configuration instructions for GCP and Azure.


Before getting started you will need the following:

  • A functioning InsightCloudSec platform installation
  • InsightCloudSec Domain Admin credentials
  • Account credentials for the cloud accounts you want to add
    • For example, with AWS using an STS Assume Role you would need your account ID, API, secret key, role ARN, and external ID, as shown below.
Example AWS Account CredentialsExample AWS Account Credentials

Example AWS Account Credentials

Adding a Cloud Account

Whether you are connecting your first cloud account or adding a new cloud account, the process is the same. The "Clouds" screen displays for new users with no cloud accounts and can be accessed through the main navigation from "Cloud --> Clouds", where you can select the "Add Cloud" button on the landing screen or in the upper-right corner.

Adding Cloud Accounts InterfaceAdding Cloud Accounts Interface

Adding Cloud Accounts Interface

Steps to Add a Cloud

1. Select your cloud service provider from the available options. If you don't see your provider on the initial screen, click "See More" to expand the full list.

Add a Cloud AccountAdd a Cloud Account

Add a Cloud Account

2. Fill in the details for your specific cloud account.

  • You will need your account credentials as specified in the prerequisites.
  • Note: For AWS and Azure you will need to specify your authentication type.

For this example we selected STS Assume Role. Once you have completed filling in the fields, click the "Add Cloud" button.

AWS Example - Adding Account CredentialsAWS Example - Adding Account Credentials

AWS Example - Adding Account Credentials

3. For organizations with alternative Harvesting Strategies, the option to select a specific Harvesting Strategy will be available in the Account Details form.

  • For organizations without alternative strategies, the default provider strategy will be applied and no optional selection is displayed.
Selecting a Harvesting StrategySelecting a Harvesting Strategy

Selecting a Harvesting Strategy

4. For AWS and GCP you will be able to complete an optional validation step. The validation feature allows you to check permissions for your connected cloud resources.

  • Click "Validate" to complete this step or ignore and continue to adding Cloud Badges (also optional) or select "Add Another Cloud, or select "Finished, Go To Clouds" if you are done.


AWS Permissions

To use the validation feature, you will need to have the following AWS permission enabled: iam:SimulatePrincipalPolicy

5. If you select the "Validate" button and permissions (either missing or misconfigured) prevent InsightCloudSec from gaining access to a specific resource, a "View Missing Permissions" button will display.

  • Note for users adding an OCI Cloud, the validate capability is not currently supported.
View Missing Permissions OptionView Missing Permissions Option

View Missing Permissions Option

6. Clicking the "View Missing Permissions" button will launch the "Missing Permissions" window that provides details on the resources: a description of the resource and the specific permissions that are missing.

  • The "Copy To Clipboard" option will enable you to save this information to share with internal support or to reference later.
Copy To Clipboard OptionCopy To Clipboard Option

Copy To Clipboard Option


Missing Permissions - Visibility Issues

Missing permissions do not impact the addition of your cloud. Your cloud account will still be added and initiate the harvesting of resources to view and administrate in InsightCloudSec

You can review issues around resource visibility on the main Clouds page after you've connected your cloud account(s).

7. After addressing any optional validation, you can also add Badges.

  • Badges work as key:value pairs and are a useful way to organize your cloud accounts.
  • Click "Save Badges" for any badges you want to include.

8. To add an additional cloud, select "Add Another Cloud." If you have added all of your accounts, select "Finished, Go To Clouds."

Did this page help you?