Walkthrough: Onboarding the AWS Cloud connector
This walkthrough shows you how to onboard the AWS Cloud connector so that your AWS account details are collected and evaluated against the out-of-the-box (OOB) AWS policies at a scheduled interval.
The AWS Cloud connector, hosted by BMC Helix Cloud Security in the AWS platform, gathers data about the following AWS services:
- CloudTrails domains
- Identity and Access Management (IAM) credentials
- Password Policy
- Rapid Database System (RDS)
- S3 bucket
- Key Management Service (KMS)
- Virtual Private Cloud (VPC)
- Simple Notification Service (SNS)
1. Log on to BMC Helix Cloud Security with your registered credentials and select Configure icon > Connectors.
2. On the Manage Connector page, select Add Connector. Under Connector Type > Cloud Based Connectors (Hosted), click AWS Cloud Connector and then click Continue.
3. On the Configure Connector screen, select the required Collection Mode. Two modes are available:
   - On Demand: You run the scan whenever you choose.
   - Scheduled: You set the time at which AWS resources are collected and evaluated periodically.
The AWS GovCloud (US) option is used to scan resources in the AWS GovCloud region (us-gov-west-1).
For security reasons, BMC recommends that you create a separate IAM user for the AWS account with read-only privileges for the services that you would like to evaluate.
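To confirm that the dedicated IAM user really is read-only before you enter its keys into the connector, here is an added example (not BMC's code and not the connector's own policy): a constructed policy scoped to the services listed above, plus a small check that flags any allowed action that is not a Get, List or Describe call. Which actions the connector actually requires is an assumption, since the page does not list them.

```python
import re

# Constructed example: a read-only IAM policy scoped to the services the
# AWS Cloud connector collects (CloudTrail, IAM, RDS, S3, KMS, VPC, SNS).
# Which actions the connector actually needs is an assumption, not from the page.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudtrail:DescribeTrails",
                "cloudtrail:GetTrailStatus",
                "iam:GetCredentialReport",
                "iam:GetAccountPasswordPolicy",
                "rds:DescribeDBInstances",
                "s3:ListAllMyBuckets",
                "s3:GetBucketPolicy",
                "kms:ListKeys",
                "kms:DescribeKey",
                "kms:GetKeyRotationStatus",
                "ec2:DescribeVpcs",
                "ec2:DescribeSecurityGroups",
                "sns:ListTopics",
                "sns:GetTopicAttributes",
            ],
            "Resource": "*",
        }
    ],
}

# Only Get*/List*/Describe* actions read state; anything else (including
# wildcards such as "s3:*") is treated as a potential write.
READ_ONLY_ACTION = re.compile(r"^[a-z0-9-]+:(Get|List|Describe)[A-Za-z]*$")


def non_read_only_actions(policy: dict) -> list[str]:
    """Return every Allow action in the policy that is not read-only."""
    flagged = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            if not READ_ONLY_ACTION.match(action):
                flagged.append(action)
    return flagged
```

Run the check against the policy you intend to attach to the connector's IAM user; an empty result means every allowed action is read-only.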
On the Select Policies screen, clear the default compliance policies that you do not want to use to evaluate your AWS account.
Because the AWS Cloud connector is hosted, no local installation is required. For on-premises connectors, by contrast, you need to unzip the connector download and then run the run.bat file or the run.sh file to start the connector.
Where to go from here
For an example of an AWS use case where compliance violations are identified, see