Cloud Infrastructure Sync allows us to monitor your company’s cloud IP footprint and automatically update it when addresses are changed or replaced.
Setting up this feature takes less than 15 minutes. Once complete, we begin collecting your IPs and a self-published report is generated within 3-5 business days. We’ll scan your AWS infrastructure multiple times per day and apply any changes that remain consistent across two consecutive 24-hour periods.
You can choose to sync a single AWS account or an entire AWS tree of accounts into a Bitsight entity. To sync a single account, use an AWS account ID during step 1 of connection setup and follow the Single Account instructions during step 3. To sync multiple accounts, use the AWS Management Account ID during step 1 and follow the Multiple Accounts instructions during step 3.
Step 1: Add Account Info
- Navigate to the Cloud Infrastructure Sync page in the Attack Surface section.
- Select the Add Connection dropdown.
- Select Amazon Web Services (AWS).
- Enter a name for the connection. Optionally, you may also enter a description. The name and description identify the connection; the self-published company can have a different name, and will be named in step 2.
- Select whether you’d like us to scan a single AWS account or multiple AWS accounts under an AWS Org.
- Enter an AWS application ID. Use the single AWS account ID to connect a single account or the Org/Management account ID to connect multiple accounts.
- Select the account region associated with the AWS application ID you used.
- Select Continue.
Step 2: Confirm Self-Published Company
A new self-published company based on the AWS infrastructure in the account you added will be created. This way, you can have a self-published company and rating for your AWS infrastructure.
Self-published companies are managed like any other subsidiary in your Ratings Tree. They’re classified as company-provided infrastructure because the IPs are provided via an automated sync with your company.
- Select a parent company for the self-published company.
- Enter a name for the self-published company, e.g., “Saperix, Inc. AWS.”
- Enter the primary domain associated with the parent.
- Enter a description for the self-published company, e.g., “Saperix, Inc. AWS Infrastructure.”
- Select a visibility setting for the self-published company. Cloud Infrastructure Sync assets impact your rating regardless of your choice during setup.
- Select Continue.
Step 3: Set Up Sync Permissions
This step contains a list of the permissions required to set up an IAM role for Cloud Infrastructure Sync as well as instructions for doing so. During setup, you’ll deploy a stack set on all or a subset of accounts, at your preference. Your choice must match the account ID provided in step 1.
This setup includes the minimum required permissions; we recommend leaving them as-is, but you may change or remove them as needed. Changing permissions may affect Cloud Infrastructure Sync's ability to monitor your cloud infrastructure.
- Download the Configuration Instructions.
- Download the Configuration File (JSON).
- Complete the steps in the instructions.
- Select Finish Adding Connection.
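Before deploying the stack set, it is worth confirming that the IAM role in the downloaded Configuration File still grants only what you expect, especially if you edited its permissions. The following is an added example, not Bitsight's own code: it assumes the file is a standard CloudFormation template with `AWS::IAM::Role` resources, treats only `Describe`/`List`/`Get` actions as read-only, and runs on a constructed sample rather than the real file. The `sts:ExternalId` check reflects general AWS guidance for roles assumed by a third party and is not taken from this page.

```python
import json

# Constructed sample; the vendor's real Configuration File is not reproduced here.
SAMPLE = json.loads("""
{"Resources": {"SyncRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole"}]},
  "Policies": [{"PolicyName": "sync-read", "PolicyDocument": {"Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeAddresses", "ec2:*", "s3:PutObject"]}]}}]}}}}
""")

READ_PREFIXES = ("Describe", "List", "Get")  # assumed definition of "read-only"

def as_list(value):
    """IAM allows a scalar wherever a list is accepted; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_roles(template):
    """Return (role, finding) pairs for each AWS::IAM::Role in a CloudFormation template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        for stmt in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement")):
            principal = stmt.get("Principal")
            aws = principal.get("AWS") if isinstance(principal, dict) else principal
            if "*" in as_list(aws):
                findings.append((name, "trust policy allows any principal"))
            if "sts:ExternalId" not in json.dumps(stmt.get("Condition", {})):
                findings.append((name, "trust statement has no sts:ExternalId condition"))
        for arn in as_list(props.get("ManagedPolicyArns")):
            findings.append((name, f"managed policy to review separately: {arn}"))
        for policy in as_list(props.get("Policies")):
            for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement")):
                if stmt.get("Effect") != "Allow":
                    continue
                for action in as_list(stmt.get("Action")):
                    operation = str(action).partition(":")[2]
                    if action == "*" or "*" in operation:
                        findings.append((name, f"wildcard action: {action}"))
                    elif not operation.startswith(READ_PREFIXES):
                        findings.append((name, f"non-read action: {action}"))
    return findings

if __name__ == "__main__":
    for role, finding in audit_roles(SAMPLE):
        print(f"{role}: {finding}")
```

To check the real file, load it with `json.load` and pass the result to `audit_roles`; an empty list means none of these checks fired, not that the role has been fully reviewed.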
- June 5, 2023: New UX.
- July 6, 2023: AWS Orgs now available.
- April 27, 2023: No longer in beta.