Amazon Web Services¶
Amazon Web Services, or AWS, is a popular cloud provider and is supported by cscanner. The configuration does as follows:
connection-name: type: aws accessKeyId: "" secretAccessKey: "" sessionToken: "" profile: ""
Each of the parameters is optional. If they are not provided, the default is to fall back to the AWS client default behavior, such as reading options from environment variables or credentials files.
What access does Cscanner need?¶
Cscanner uses the AWS API to scan the account for policy violation. As such, each rule will require its own set of
permissions. The easiest way to make sure no rules are skipped due to missing permissions is to use the
policy for the account that is being used for cscanner.
To create API credentials on AWS please follow the following steps:
- Log in to the AWS console
- Go to Identity and Access Management
- To to Users
- Click Add User
- Create a user with "Programmatic Access" enabled
- In Permissions select "Attach existing policies directly"
- Select the
- Copy the access key and secret key into your configuration as mentioned above.
The AWS provider currently supports the following rules: