Skip to content

CSPM Pre-requisite for AWS

Home
Getting Started
Getting Started
- AccuKnox Enterprise Architecture
- Deployment Models
  Deployment Models
- Release Notes
  Release Notes
  - AccuKnox
    AccuKnox
    
    v2.1-v2.2 Release Notes
    
    v2.0 Release Notes
    
    v1.7 Release Notes
    
    v1.6 Release Notes
    
    v1.5 Release Notes
  - KubeArmor
- Open Source
  Open Source
  - Open source vs Enterprise
  - Open Source Installation
- Sample Workloads Protection
  Sample Workloads Protection
- AccuKnox Agents
How To
How To
- CSPM Prerequisites
  CSPM Prerequisites
  - AWS
  - Azure
  - GCP
- Onboard Cloud Account
  Onboard Cloud Account
  - AWS
  - Azure
  - GCP
  - Offboard Clound Account
- Onboard Cluster
  Onboard Cluster
- Onboard Registry
  Onboard Registry
  - ACR
  - ECR
  - GAR
  - Harbor
- Onboard VM
  Onboard VM
  - SystemD/Docker Mode
  - SystemD Based Non-BTF Environments
- Create Tokens
- Create Labels
- Signup/Login via SSO
- Generate CWPP Reports
- CIS Benchmarking
- Configure Custom Report
Integrations
Integrations
- CI/CD
  CI/CD
  - Azure DevOps
    Azure DevOps
    
    DAST
    
    SAST
    
    Container Image Scan
    
    Iac Scan
  - Google Cloud Build
    Google Cloud Build
    
    DAST
    
    SAST
    
    Container Image Scan
    
    IaC Scan
  - Harness
    Harness
    
    DAST
    
    SAST
    
    Container Image Scan
    
    IaC Scan
  - Jenkins
    Jenkins
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan
  - AWS Code Pipeline
    AWS Code Pipeline
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan
  - GitHub
    GitHub
    
    IaC Scan
    
    Onboard Private Repos
  - Gitlab
    Gitlab
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan (AccuKnox)
    
    IaC Scan (GitLab Pipeline)
    
    Scan Variables
    Scan Variables
    
    Container Scan Variables
    
    IaC Scan Variables
    
    DAST Scan Variables
    
    SAST Scan variables
  - Bitbucket
    Bitbucket
    
    DAST
    
    SAST
    
    Container Scan
    
    IaC Scan
    
    Scan Variables
    Scan Variables
    
    Container Scan Variables
    
    IaC Scan Variables
    
    DAST Scan Variables
    
    SAST Scan variables
  - CheckMarx
    CheckMarx
    
    SAST
    
    SCA
- Private Cloud
  Private Cloud
  - Nutanix
    Nutanix
    
    AccuKnox
    
    KubeArmor
  - Mirantis Lens
    Mirantis Lens
    
    KubeArmor
    
    AccuKnox Agents
  - Rafay
  - SpectroCloud
- Marketplace
  Marketplace
  - Azure Marketplace Installation Guide
  - Oracle Marketplace Installation Guide
  - AWS Marketplace
    AWS Marketplace
    
    AWS Installation Guide
    
    KubeArmor Installation Guide
    
    KubeArmor EKS add-on
  - RedHat Marketplace Installation Guide
- Notification
  Notification
- OAuth
- SIEM/ Security Events
  SIEM/ Security Events
  - Telemetry (Sample)
    Telemetry (Sample)
    
    Logs
    
    Alerts
  - Splunk
  - AWS Cloudwatch
  - Rsyslog
  - Azure Sentinel
  - AccuKnox SplunkApp
  - Rsyslog feeder integration
  - Azure Sentinel feeder integration
  - KubeArmor Splunk Integration
- Ticketing
  Ticketing
Use-Cases
Use-Cases
- Use Cases By Categories
- CNAPP Dashboard Widgets
- AI/ML Security
  AI/ML Security
  - Jupyter Notebook
  - ModelArmor
    ModelArmor
    
    Overview
    
    Pickle Code Injection PoC
    
    Adversarial Attacks on Deep Learning Models
    
    Deploy PyTorch App with ModelKnox
- Cloud Security Posture Management (CSPM)
- Cloud Workload Protection Platform (CWPP)
- Application Security Posture Management (ASPM)
- Kubernetes Security Posture Management (KSPM)
  Kubernetes Security Posture Management (KSPM)
- DevSecOps (ASPM)
  DevSecOps (ASPM)
- Vulnerability Management (ASPM)
- Cloud Security (CSPM)
  Cloud Security (CSPM)
  - Asset Inventory
  - Cloud Misconfiguration and Drift Detection
- Container Security (CWPP)
  Container Security (CWPP)
- Least Permissive Posture Assessment (CWPP)
  Least Permissive Posture Assessment (CWPP)
- Advanced Persistent Threat (CWPP)
  Advanced Persistent Threat (CWPP)
  - Cryptojacking
  - Hildegard
- Securing Secrets Managers (CWPP)
  Securing Secrets Managers (CWPP)
  - HashiCorp Vault Hardening
  - CyberArk Conjur Hardening
- Host Security (CWPP)
  Host Security (CWPP)
- Continuous Compliance (GRC)
  Continuous Compliance (GRC)
  - Multi-cloud Compliance
- Automation
  Automation
  - Automated Ticket Creation Using Rules Engine
- Prioritization
  Prioritization
  - EPSS Scoring
- 5G Control Plane Security
- IoT/Edge Security
Support Matrix
Support Matrix
Resources
Resources
- Calculate Pricing
  Calculate Pricing
- Upgrading AccuKnox Agents
- Backup my Scan Data
- CWPP Troubleshooting
- CSPM Troubleshooting
- User Manual
- Technical Guide
- Ticketing Procedures
- Glossary
FAQs

CSPM Pre-requisite for AWS¶

In SaaS model of deployment the AccuKnox CNAPP will be hosted in our cloud environment and scan will be done using the Cloud account Readonly Access permission.

AWS onboarding requires creation of an IAM user. Please follow the following steps to provide a user with appropriate read access:

Step 1: Navigate to IAM → Users and click on Add Users

Step 2: Give a username to identify the user

Step 3: In the "Set Permissions" screen:

a. Select "Attach policies directly"

b. Search "ReadOnly", Filter by Type: "AWS managed - job function" and select the policy

c. Search "SecurityAudit", Filter by Type: "AWS managed - job function" and select the policy

Step 4: Finish creating the user. Click on the newly created user and create the Access key and Secret Key from the Security Credentials tab to be used in the AccuKnox panel