- July 6, 2023: AWS Orgs now available.
- April 27, 2023: No longer in beta.
- October 19, 2022: Scan an entire AWS tree; Create stack instructions if using AWS Org; New template permissions: “organizations:ListAccountsForParent”, “organizations:ListOrganizationalUnitsForParent”, & “organizations:ListRoots”
Cloud Infrastructure for Amazon Web Services (AWS) allows us to monitor your company’s cloud IP footprint and automatically update it when addresses are changed or replaced.
Setting up this feature takes less than 15 minutes. Once complete, we begin collecting your IPs and a self-published report is generated within 3-5 business days. Your AWS infrastructure will be updated daily.
To sync an entire AWS tree of accounts into a Bitsight entity/scan an entire AWS Tree and all its organizational units in one single set up, use the AWS Management Account ID and follow the AWS Orgs instructions.
Step 1: Integrate Amazon Web Services (AWS)/Add Account
Enable Cloud Infrastructure for AWS by creating a new AWS role dedicated to Bitsight with CloudFormation. Having Bitsight assume this role allows the automated discovery of publicly-assigned IPs associated with your company in AWS. This cross-account role method is recommended by the AWS Technical Account Management team to grant specific permissions to another party.
You must have CloudFormation stack setup permissions in AWS to complete Cloud Infrastructure setup.
Integrate AWS by providing your AWS Account ID and AWS Region, and then creating an AWS CloudFormation stack. We will connect to your AWS account with limited permissions. We use this access to identify your public AWS assigned resources as attributed infrastructure.
- Enter and confirm your AWS Account ID in the provided fields. Your 12-digit account ID is displayed under your user name in the AWS platform dropdown menu.
- Select the AWS Region your AWS account and user are in. The correct AWS Region is necessary for the integration to work. Please contact support if your AWS Region is not in the list of options to get it supported.
- Select Continue.
Step 2: Create CloudFormation Stack
To create a CloudFormation Stack:
- Select Continue Process in CloudFormation to open a new stack creation tab in your instance of AWS using the Bitsight Cloud Infrastructure template. Only deploy the Stack and/or StackSets to the same single region selected previously on the Bitsight UI. Don’t worry - we still scan assets in all your regions.
- In the AWS Create stack page, specify a template. See permissions that are included in the template.
- Select the Next button at the bottom-right.
- Select the I acknowledge that AWS CloudFormation might create IAM resources with custom names checkbox.
- Select Submit.
Creating a Stack While Using AWS Orgs (Optional)
Step 3: Set up AWS Self-Published Company/Create Self-Published Company
A new self-published company based on the AWS infrastructure in the account you added will be created. This way, you can have a self-published company and rating for your AWS infrastructure. Self-published companies are managed like any other subsidiary in your Ratings Tree. It’s classified as a company-provided infrastructure, as the IPs are provided via an automated sync with your company.