Cloud Accounts

In InsightCloudSec, the Cloud Accounts section of the platform (Cloud --> Cloud Accounts) is where you add and manage clouds. Cloud Accounts provides visibility into all of the Cloud Accounts connected to InsightCloudSec. You can add badges, research potential gaps in coverage, monitor and adjust harvesting, and audit data.

First-time Users: InsightCloudSec is freshly deployed and this will be the first time a Cloud Service Provider (CSP) has been onboarded. The onboarding workflow will open automatically to guide you through the process for adding a new cloud account.

Returning Users: InsightCloudSec already has one or more Cloud Service Providers onboarded and you would like to add a new cloud account for your CSP.

This documentation provides details on the sections/tabs (Listing, Organizations, Summary, Badges, etc.) offered on the Cloud Accounts page.

• To review information about setting up a cloud account, managing existing accounts, or managing cloud organizations. Check out the Cloud Accounts Setup & Management page.

• To view in-depth information about the summary report (Summary tab) available for your cloud accounts, check out the Summary - Cloud Reports page.

• To review in-depth information about managing your individual cloud accounts, including settings and configuration check out the Cloud Account Detail Page.

Section Overviews

As your cloud footprint expands from dozens to hundreds of cloud accounts, this section of the tool becomes increasingly important for ensuring the quality of your data and understanding large-scale changes.

Listing

The Listing tab of the Clouds section includes all cloud accounts for your Organization. Selecting an individual Cloud Account by clicking on the name will give you detailed information about that cloud. Refer to the documentation on the Cloud Account Detail Page for in-depth information about this feature.

🚧

Warnings with False Positives - Known AWS Service Control Policy Issue

When viewing details on the Clouds Listing page, InsightCloudSec may provide false positive “Warnings” around missing permissions. In some scenarios the permissions are granted within the Service Control Policy (SCP) but falsely report as missing.

This scenario is the result of a known issue within AWS where, if an Organization has an SCP with conditions based on global keys (e.g., aws:PrincipalArn), the IAM Policy Simulator results are not accurate because it does not have context with the global keys.

If you have verified that the specific permissions identified as missing are included in your SCP, you can safely disregard these warnings; otherwise for remaining questions or concerns, contact us through the Customer Support Portal.

Read more about Service Control Policies.

Organizations

The Organizations tab allows you to manage your connected cloud service provider-based Organization(s) a.k.a. Cloud Organizations. This section of the tool allows you to add and remove Organizations and update configuration information for existing Organizations.

Summary (Cloud Reports)

This tab provides a summary for your overall cloud footprint with several reports to explore details around all of your cloud accounts. Check out the Summary - Cloud Reports page for details on what is displayed on this tab.

Badges

Initially, you will use the Clouds section to add clouds. As you do so, take advantage of the Badge functionality, which allows you to tag your cloud accounts as you would your cloud resources. InsightCloudSec automatically adds system-level badges for cloud type (e.g., AWS) and resource type (e.g., cloud account), as these are required for internal data tracking purposes.

• The Badges column on the Clouds page can be used to sort your clouds and the column is included in any .CSV export you create.

• Check out our Badges documentation for details on working with this capability.

Event-Driven Harvesting (EDH) Sections

The Clouds landing page includes four tabs for EDH:

• EDH Consumers - provides a list of Consumers associated with the selected cloud account and access to add consumers via the "EDH Configuration" button
• EDH Producers - provides a list of Producers associated AWS Accounts and AWS Event Bridge Rules
• EDH Events Summary - details for the entire organization or a selected individual cloud account
• EDH Events - displays details of the CloudWatch (AWS), EventGrid (Azure), Cloud Asset Inventory (GCP) events that occur

Check out the Harvesting & Event-Driven Harvesting Overview section for detailed documentation on these tabs and the EDH feature. In general

Download Your Cloud Details

In addition to viewing the details of your Cloud accounts through InsightCloudSec, you also have the ability to download this content by selecting the "Download" button at the top of the page above the Clouds listing.

You can sort the data however you'd like before you export and these filters will be reflected in your output; this includes Badges.

Selecting "Download" from the buttons on the "Listing" tab of the Clouds section will launch the following form and enable you to include tags, or select existing data collections.

• Badges are included as a column by default, so any Badges specified in this optional form will be in addition to the default.
• Select "Download" on the form to export this data in a .CSV file.