CSPM Pre-requisite for AWS¶
In the SaaS deployment model, AccuKnox CNAPP is hosted in the AccuKnox cloud environment and scans are performed using Cloud account read-only access permissions.
AWS onboarding requires creating an IAM user. Follow these steps to provide the user with appropriate read access:
Step 1: Navigate to IAM → Users and click on Add Users
Step 2: Give a username to identify the user
Step 3: In the "Set Permissions" screen:
a. Select "Attach policies directly"
b. Search "ReadOnly", Filter by Type: "AWS managed - job function" and select the policy
c. Search "SecurityAudit", Filter by Type: "AWS managed - job function" and select the policy
Step 4: Finish creating the user. Click on the newly created user and create the Access key and Secret Key from the Security Credentials tab to be used in the AccuKnox panel
