Cloud Infrastructure Sync allows us to monitor your company’s cloud IP footprint and automatically update it when addresses are changed or replaced.
Setting up this feature takes less than 15 minutes. Once complete, we begin collecting your IPs and a self-published company is generated within 3-5 business days. This company is visible in your Ratings Tree. We’ll scan your AWS infrastructure multiple times per day and will make any updates that are consistent after two consecutive 24-hour periods. Assets added to infrastructure when a connection is set up have a 60-day grace period before they impact grading.
Syncing Accounts and Organizations
You can sync a single AWS account or an entire AWS tree of accounts into a self-published company. To sync a single account, use an AWS account ID during step 1 of connection setup and follow the Single Account instructions during step 3. To sync multiple accounts, use the AWS Management Account ID during step 1 and follow the Multiple Accounts instructions during step 3.
You can also sync multiple AWS Organizations. Each Organization requires a separate Cloud Infrastructure connection and will appear in your Ratings Tree as a separate self-published company. To sync multiple Organizations, repeat steps 1-3 for each Organization you’d like to sync. There is no limit to the number of Organizations you can sync.
Step 1: Add Account Info
- Navigate to the Cloud Infrastructure Sync page in the Attack Surface section.
- Select the Add Connection dropdown.
- Select Amazon Web Services (AWS).
- Enter a name for the connection. Optionally, you may also enter a description. The name and description identify the connection; the self-published company can have a different name, and will be named in step 2.
- Select whether you’d like us to scan a single AWS account or multiple AWS accounts under an AWS Org.
- Enter an AWS application ID. Use the single AWS account ID to connect a single account or the Org/Management account ID to connect multiple accounts.
- Select the account region associated with the AWS application ID you used.
- Select Continue.
Step 2: Confirm Self-Published Company
A new self-published company based on the AWS infrastructure in the account you added will be created. This way, you can have a self-published company and rating for your AWS infrastructure.
Self-published companies are managed like any other subsidiary in your Ratings Tree. They’re classified as company-provided assets because the IPs are provided via an automated sync with your company.
- Select a parent company for the self-published company.
- Enter a name for the self-published company, e.g., “Saperix, Inc. AWS.”
- Enter the primary domain associated with the parent.
- Enter a description for the self-published company, e.g., “Saperix, Inc. AWS Infrastructure.”
- Select a visibility setting for the self-published company. Cloud Infrastructure Sync assets impact your rating regardless of your choice during setup.
- Select Continue.
Step 3: Set Up Sync Permissions
This step contains a list of the permissions required to set up an IAM role for Cloud Infrastructure Sync as well as instructions for doing so. During setup, you’ll deploy a stack set on all or a subset of accounts, at your preference. Your choice must match the account ID provided in step 1.
This setup includes the minimum required permissions; we recommend leaving them as-is, but you may change or remove them as needed. Changing permissions may affect Cloud Infrastructure Sync's ability to monitor your cloud infrastructure.
- Download the Configuration Instructions.
- Download the Configuration File (JSON).
- Complete the steps in the instructions.
- Select Finish Adding Connection.
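Before deploying the stack set, the downloaded Configuration File can be reviewed locally. The following is an added example, not part of the vendor's instructions or tooling: it assumes the file is a CloudFormation template that defines an AWS::IAM::Role, and the sample template, account ID and external ID in it are constructed placeholders.

```python
import json

# Assumption: a monitoring-only sync should need read-style actions and nothing else.
READ_ONLY_VERBS = ("Describe", "Get", "List")

# Constructed sample, NOT the vendor's file; ec2:CreateTags is included so the check fires.
SAMPLE_TEMPLATE = json.dumps({"Resources": {"SyncRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
            "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-ID"}}}]},
        "Policies": [{"PolicyName": "sync-read", "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Resource": "*",
            "Action": ["ec2:DescribeAddresses", "ec2:DescribeNetworkInterfaces",
                       "ec2:CreateTags"]}]}}]}}}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_template(template_text):
    """Return review findings for every AWS::IAM::Role in a CloudFormation JSON template."""
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for name, res in resources.items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trust = props.get("AssumeRolePolicyDocument", {}).get("Statement", [])
        for stmt in _as_list(trust):
            principal = stmt.get("Principal", {})
            aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
            if "*" in aws:
                findings.append(f"{name}: trust policy allows any AWS principal")
            if "sts:ExternalId" not in json.dumps(stmt.get("Condition", {})):
                findings.append(f"{name}: trust policy has no sts:ExternalId condition")
        for policy in props.get("Policies", []):
            for stmt in _as_list(policy.get("PolicyDocument", {}).get("Statement", [])):
                if stmt.get("Effect") != "Allow":
                    continue
                for action in _as_list(stmt.get("Action", [])):
                    verb = str(action).split(":", 1)[-1]
                    if not verb.startswith(READ_ONLY_VERBS):
                        findings.append(f"{name}: non-read-only action {action}")
    return findings
```

Run it against the real file with review_template(open(path).read()), where path is wherever you saved the download. An empty list means none of these three checks fired; managed policies attached by ARN are not inspected.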
- February 6, 2025: Added permissions.
- February 4, 2025: Clarified that you can add multiple AWS Organizations as separate Cloud Sync connections.
- June 5, 2023: New UX.