CSPM Pre-requisite for AWS
When the AccuKnox control plane is hosted in a cloud environment, scanning is performed using read-only access permissions on the cloud account.
AWS onboarding requires creating an IAM user. Follow these steps to give the user the appropriate read access:
Step 1: Navigate to IAM → Users and click on Add Users
Step 2: Give a username to identify the user
Step 3: In the "Set Permissions" screen:
a. Select "Attach policies directly"
b. Search for "ReadOnly", filter by Type: "AWS managed - job function", and select the policy
c. Search for "SecurityAudit", filter by Type: "AWS managed - job function", and select the policy
Step 4: Finish creating the user. Open the newly created user and, from the Security Credentials tab, create the Access Key and Secret Key to be used in the AccuKnox panel.
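
The same four steps as AWS CLI calls, with a check that the user holds only the two read-only policies before a key is issued. This is an added example, not AccuKnox's own tooling: the function names are hypothetical, the policy ARNs are assumed to be the AWS managed ReadOnlyAccess and SecurityAudit policies that the searches above return, and the AWS CLI is assumed to be configured with credentials allowed to manage IAM.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of console Steps 1-4, plus a policy check before key creation.
set -u

# Assumed ARNs of the AWS managed policies found by the "ReadOnly" and "SecurityAudit" searches.
POLICY_ARNS="arn:aws:iam::aws:policy/ReadOnlyAccess arn:aws:iam::aws:policy/SecurityAudit"

# Steps 1-3: create the user and attach the two read-only policies directly.
create_scan_user() {
    local user="$1" arn
    aws iam create-user --user-name "$user" >/dev/null || return 1
    for arn in $POLICY_ARNS; do
        aws iam attach-user-policy --user-name "$user" --policy-arn "$arn" || return 1
    done
}

# Check the directly attached managed policies: every expected ARN present, no other ARN.
# Prints each deviation; returns 0 when clean, 1 on deviation, 2 if the lookup fails.
verify_scan_user() {
    local user="$1" attached arn rc=0
    attached=$(aws iam list-attached-user-policies --user-name "$user" \
        --query 'AttachedPolicies[].PolicyArn' --output text) || return 2
    attached=$(echo $attached)   # collapse the tab-separated output to single spaces
    for arn in $attached; do
        case " $POLICY_ARNS " in
            *" $arn "*) ;;
            *) echo "unexpected policy: $arn"; rc=1 ;;
        esac
    done
    for arn in $POLICY_ARNS; do
        case " $attached " in
            *" $arn "*) ;;
            *) echo "missing policy: $arn"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Step 4: issue the key pair only after the policy check passes.
create_scan_key() {
    verify_scan_user "$1" || return 1
    aws iam create-access-key --user-name "$1" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Runs only when invoked as: ./script.sh --apply <user-name>
if [ "${1:-}" = "--apply" ]; then
    create_scan_user "$2" && create_scan_key "$2"
fi
```

`verify_scan_user` covers directly attached managed policies only; inline policies and group memberships are not inspected. `create_scan_key` writes the secret key to standard output, so capture it straight into the AccuKnox panel or a secrets store rather than a terminal log.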