TestDocumentation

User Guide Of Cloudnosys

1.Overview

Cloudnosys User Guide

Overview

Cloudnosys Continuous Compliance expands the capabilities of the Compliance Engine by assessing your cloud infrastructure consistently and notifying you of any change in its security posture. It protects your cloud infrastructure from security threats, data loss and compliance risks with real-time continuous monitoring, auditing, and automated remediation.

Cloudnosys supports two types of users:

IAM User

An IAM User can access and manage the account resources, add new users and change their privileges.

IAM Role

IAM roles are a secure way to grant permissions to entities that you trust. Examples of entities include the following:

  • IAM user in another account
  • Application code running on an EC2 instance that needs to perform actions on AWS resources
  • An AWS service that needs to act on resources in your account to provide its features
  • Users from a corporate directory who use identity federation with SAML

IAM roles issue keys that are valid for short durations, making them a more secure way to grant access.

2.Getting Started

Getting Started

Welcome to Cloudnosys, let's get started!

You get a 14-day trial version after registering with Cloudnosys. The first thing to do is verify your account via the confirmation email sent to your registered email address. In case the email is not received or is missed, hit . After successful verification, this is the first screen that will appear.

 

2.1.Cloud Account Creation

Cloud Account Creation

Let's buckle down and create a cloud account first!

  1. Click on button on the screen or alternatively, navigate to “Cloud Accounts” dashboard and click  button.
  2. Add Cloud Account screen would show up.
  3. Select your desired Provider (Amazon Web Services or Microsoft Azure) and click 

 

  4. The Select Region screen appears; check your desired region and click 

Note: You can select more than one region.
To select all the regions simultaneously, click on the “Select all Regions” checkbox.

2.1.1.Add a New IAM User

Add a New IAM User

  1. To create a new IAM User, select 
  2. Enter any valid string in the field AWS Account Name.
  3. Select one of the two policies by clicking on it.
    Cloudnosys provides two Policies:

    • Full Protection Policy – Provides Remediation

    • Audit Policy (Read-only) – Does not provide Remediation
  4. After selection, click on the Copy button to copy the policy. You can also click on View button to view the policy.
    Note: If you do not select a policy, the Full Protection policy is selected by default.
  5. For the Access Id and Secret key, you need to log in to your AWS console using the URL https://console.aws.amazon.com/ (open it in a new tab).
  6. Type IAM in search bar and press Enter. It will direct you to Identity and Access Management (IAM) Dashboard.
  7. Navigate to Users in the IAM dashboard.
  8. Click on Add User button that appears at the top of the screen.
  9. You need to set user details to create New User.
    • Enter any valid User Name in the given field.
    • Select your desired AWS Access type by clicking in the check box.

  10. Click when done.
  11. The Set Permissions screen appears; select the Attach Existing Policies Directly box, and click on
  12. A new tab opens with the AWS Create Policy screen. Click on JSON and paste the previously copied policy in the JSON editor.
  13. Click on 
  14. In the Review Policy page that appears, enter your policy name and its description and click 
  15. Now navigate to your previous AWS tab where you were creating the IAM User, refresh it and search for the policy you just created.
  16. Attach that policy and click 
  17. Click  button in the next screen to review your User Details and Permission Summary.
  18. After reviewing the details, click the Create User button.
  19. This successfully creates your account.
  20. Click on “Show” under the password label and save the password somewhere. Click Close.
  21. In the screen that appears, click on the account you just created; it shows the summary of your account. Click Security Credentials.
  22. Click the Create Access Key button to generate the Access Id and Secret Key for your account.
  23. Download the csv file containing your AWS credentials.
  24. Open the downloaded file to view your credentials, then copy and paste the Access Id and Secret key in the Cloudnosys User Account Credentials screen.
  25. Click  when finished. Your IAM User is now created.

2.1.2.Add a New IAM Role

Add a New IAM Role

  1. To create a new IAM Role, select 
  2. Enter any valid string in the field AWS Account Name.
  3. For Role ARN, log in to your AWS console, click https://console.aws.amazon.com/ (open it in New tab).
  4. Type IAM in search bar and press Enter. It will direct you to Identity and Access Management (IAM) Dashboard.
  5. Navigate to Roles in the IAM dashboard and click Create Role.
  6. Click Another AWS Account in the Create Role screen.
  7. Copy Account ID from your Cloudnosys Dashboard and paste it in the Account ID field in your AWS console.
  8. Navigate to your Cloudnosys tab and copy your External ID.
    Note: Do not refresh the Cloudnosys tab at this point, because External ID changes every time the page is refreshed.
  9. In options field, click on the first checkbox to Insert External ID.
  10. Click 
  11. In the next screen that appears, click 
  12. A new tab would open with AWS Create Policy screen.
  13. Now navigate to your Cloudnosys tab and select one of the two given policies by clicking on it.
    Cloudnosys provides two types of Policies:

    • Full Protection Policy – Provides Remediation

    • Audit Policy (Read-Only) – Does not provide Remediation
  14. After selecting your desired policy, click on the Copy button to copy the policy.
  15. Paste this policy in the JSON editor of the Create Policy page.
  16. Click on 
  17. In the Review Policy Page that appears, enter your Policy name and its description and click 
  18. Now navigate to your previous AWS tab where you were creating IAM Role, refresh it and search the policy you just created.
  19. Attach that policy and click 
  20. Click  button in the next screen.
  21. Enter valid name and description in Review Policy screen, and click 
  22. This would successfully create your IAM Role and generate a Role ARN.
  23. To get your Role ARN, navigate back to Roles in AWS console, locate your Role name, click on that and it would open up your role summary, displaying your Role ARN on the top.
  24. Copy Role ARN from AWS console and paste it in the Role ARN field in Cloudnosys Dashboard.
  25. Click 
  26. Your Role would be successfully created.
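The steps above leave the new role with a trust policy that names one external account and requires the External ID. The following check of that trust policy is an added example, not Cloudnosys code; the account ID and External ID are constructed placeholders, and the policy text would come from the Trust relationships tab of the role.

```python
import json

# Constructed placeholders, not real Cloudnosys or customer identifiers.
VENDOR_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id-0001"

def make_trust_policy(principal, condition=None):
    """Build a sample trust policy document (constructed test input)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition is not None:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, vendor_account_id, external_id):
    """Return findings for a role trust policy; an empty list means it matches
    the 'Another AWS Account' plus External ID setup described in the steps."""
    findings = []
    expected = {vendor_account_id, f"arn:aws:iam::{vendor_account_id}:root"}
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement: nobody can assume the role")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):      # e.g. "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind != "AWS" or p not in expected:
                    findings.append(f"statement {i}: unexpected principal {kind}={p}")
        # Condition operators and keys are compared case-insensitively here.
        cond = {op.lower(): {k.lower(): v for k, v in kv.items()}
                for op, kv in stmt.get("Condition", {}).items()}
        got = cond.get("stringequals", {}).get("sts:externalid")
        if got is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(got) != [external_id]:
            findings.append(f"statement {i}: External ID does not match")
    return findings

GOOD = make_trust_policy(
    {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT_ID}:root"},
    {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = make_trust_policy({"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT_ID}:root"})
WILDCARD = make_trust_policy("*", {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
```

A mismatch finding is what you would see if the Cloudnosys tab was refreshed after the External ID had been pasted into AWS.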

2.1.3.Scanning

Scanning

  1. The newly created cloud account would appear in the progress bar at the top.

  2. To start scanning of any cloud account, click on the  button, and it will start scanning the particular account.

  3. You will be able to view the results of compliances after successful completion of scanning.

 

3.Enable Monitoring

Enable Monitoring

Cloudnosys provides a feature to schedule the monitoring of your cloud account. It automatically runs the scan for the cloud account at the selected interval.

1. To enable the monitoring for your cloud account, scroll to the desired cloud account and click on the monitoring switch.
2. Schedule the interval for your selected cloud account; the intervals include:

  • Daily
  • Weekly
  • Monthly

4.EagleEye

EagleEye

EagleEye protects your cloud infrastructure from security threats and compliance risks with real-time continuous monitoring and threat alerts. It notifies your Cloudnosys dashboard of modifications and threats. EagleEye remediates and heals your cloud dynamically with best-practice policies and achieves compliance with minimal effort.

How it Works?

The CloudFormation template used in the StackSet creates the following resources in each region:

  • AWS IAM Execution Role for Lambda function

  • AWS Lambda function

  • AWS SNS Topic with relevant topic policy

  • AWS Cloudwatch Event
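Before acknowledging the IAM capabilities checkbox for a downloaded template, you can compare what it declares with the list above. This is an added example, not part of the Cloudnosys tooling; it assumes the template is JSON, and the mapping from the listed items to CloudFormation resource types, the sample templates and their logical IDs are this example's own.

```python
import json

# Types assumed to match the four documented items (this example's mapping,
# not read from the Cloudnosys template itself).
DOCUMENTED_TYPES = {"AWS::IAM::Role", "AWS::Lambda::Function", "AWS::SNS::Topic",
                    "AWS::SNS::TopicPolicy", "AWS::Events::Rule"}
LAMBDA = {"Service": "lambda.amazonaws.com"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_template(template_json):
    """Flag undocumented resource types, roles not trusted solely by Lambda,
    and inline role policies that allow every action (JSON templates only)."""
    findings = []
    resources = json.loads(template_json).get("Resources", {})
    for name, res in sorted(resources.items()):
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype not in DOCUMENTED_TYPES:
            findings.append(f"{name}: undocumented resource type {rtype}")
        if rtype != "AWS::IAM::Role":
            continue
        trust = props.get("AssumeRolePolicyDocument", {})
        for stmt in _as_list(trust.get("Statement", [])):
            if stmt.get("Principal") != LAMBDA:  # strict: anything else is shown for review
                findings.append(f"{name}: trust principal {stmt.get('Principal')!r}")
        for pol in props.get("Policies", []):
            for stmt in _as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
                if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action", [])):
                    findings.append(f"{name}: policy {pol.get('PolicyName')} allows Action '*'")
    return findings

def _role(action):
    """Constructed Lambda execution role with one inline policy statement."""
    trust = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": LAMBDA}]}
    inline = {"Statement": [{"Effect": "Allow", "Action": action, "Resource": "*"}]}
    return {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": trust,
        "Policies": [{"PolicyName": "inline", "PolicyDocument": inline}]}}

# Constructed templates; the logical IDs are hypothetical.
EXPECTED = json.dumps({"Resources": {
    "ExecRole": _role(["logs:PutLogEvents", "sns:Publish"]),
    "Fn": {"Type": "AWS::Lambda::Function"}, "Topic": {"Type": "AWS::SNS::Topic"},
    "TopicPolicy": {"Type": "AWS::SNS::TopicPolicy"}, "Rule": {"Type": "AWS::Events::Rule"}}})
SURPRISING = json.dumps({"Resources": {
    "ExecRole": _role("*"), "ExtraUser": {"Type": "AWS::IAM::User"}}})
```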

How to Enable it?

To enable Live Monitoring:

  1. Click on Cloud Accounts in your Cloudnosys Dashboard

  2. Navigate to the account in which you want to enable live monitoring and click Disabled button.
  3. It would take you on Real Time Threats Alert Screen. 
  4. The very first step in enabling Live Monitoring is to create two IAM roles, namely the Administrator Role and the Execution Role.
  5. Click on the Administrator Role button; the file starts downloading automatically.
  6. Log into your AWS console using URL https://console.aws.amazon.com
  7. Write “CloudFormation” in search bar

  8. Click on  button and Create Stack screen would appear.
  9. Click on Choose File button and attach the recently downloaded administrator policy. Click Next.
  10. In the next screen that appears, specify a particular name to your stack name and click Next.
  11. Click  button on Options screen.
  12. In review screen, click on the checkbox under capabilities heading and click Create
  13. After successful creation of your administrator stack, move to your Cloudnosys tab and click on Execution Role button to download the execution policy.
  14. Navigate to AWS console and Click on  button to create stack for execution role.
  15. Click on Choose File button, select the recently downloaded execution policy and click Next.
  16. Specify a name and account ID to your Stack in the next screen and click Next.
  17. Click  button on Options screen.
  18. In review screen, click on the checkbox under Capabilities section and click Create button.
  19. Move to your Cloudnosys dashboard and click 
  20. In the next screen on Cloudnosys dashboard, click on  button.
  21. Now navigate to your AWS Console and click on CloudFormation; a drop-down menu appears, select Stacksets.
  22. Click on  button.
  23. Click on the checkbox “upload Amazon S3 template”. Click on Browse button to attach the template (you just downloaded from Cloudnosys dashboard) then click 
  24. Specify stack name and click 
  25. In “Set Deployment Options”, enter a valid account ID. Note: Enter the Target Account ID if creating the Role for another account, else enter your own Account ID.
  26. Select your desired Region and click Add.
  27. Click  in Options screen.
  28. In review screen, click on the checkbox under capabilities heading and click Create.
  29. After success, move to your Cloudnosys dashboard tab and click  in Create Stackset screen.
  30. Click  in finish screen.
  31. Go to your Cloud Accounts screen on the Cloudnosys dashboard. The status of live monitoring changes to Pending and, after some minutes (the time depends on the regions selected), it changes to Enabled.
  32. Once EagleEye becomes Enabled, you will receive notifications of any modifications in the cloud infrastructure.

5.Actions

5.1.Edit Existing User Account

Edit Existing User Account

1. In the Cloud Account dashboard, scroll to the cloud account you want to edit, and then click Edit.
2. You can only Edit the following:

AWS Account Name – changes the name of your cloud account.
Selected Regions – changes your selected regions.
Policy – changes the policy.

Cloudnosys provides two policies:

  • AWS Policy (Full Protection)
  • Security and Audit Policy (Read-Only)

3. Click  to endorse the changes.

5.2.Delete Existing User Account

Delete Existing User Account

1. In the Cloud Account dashboard, scroll to the user account you want to delete, and then click Delete.
2. A warning message would appear, click Yes to confirm.
