This comprehensive guide walks you through the process of setting up your AWS account with Cloudnosys. After completing the setup, Cloudnosys will automatically scan your resources for security and compliance.

Prerequisites

Before starting the AWS setup, ensure you have:
  • AWS Account: Active AWS account with administrative privileges
  • IAM Access: Ability to create IAM roles and policies
  • CloudFormation Access: Permissions to deploy CloudFormation stacks
  • Region Selection: Knowledge of which AWS regions you want to monitor

Step-by-Step Setup

Step 1: Log in to Your AWS Account

  • Sign in to AWS: Go to the AWS Management Console and log in using your AWS credentials
  • Navigate to IAM: Once logged in, go to the IAM (Identity and Access Management) section from the AWS Management Console

Step 2: Create IAM Roles and Policies Using CloudFormation

Cloudnosys requires specific IAM roles and policies to access and scan your AWS resources. These can be automatically created using an AWS CloudFormation template provided by Cloudnosys.
Download CloudFormation Template
  • Cloudnosys provides a CloudFormation template that will create the necessary IAM roles and policies
  • This template ensures that Cloudnosys has the permissions required to scan your AWS resources
Deploy the CloudFormation Template
  • Navigate to CloudFormation: In the AWS Management Console, go to CloudFormation and click “Create Stack”
  • Upload Template: Upload the CloudFormation template provided by Cloudnosys
  • Follow Instructions: Follow the on-screen instructions to deploy the stack
When deploying the CloudFormation template, you’ll be asked to acknowledge that IAM resources might be created with custom names. This is required for the integration to work properly.
  • Create Stack: Click “Create Stack” after acknowledging the IAM resource creation

Step 3: Assign Permissions and Confirm Role Creation

Once the stack is created, the necessary IAM roles will be deployed automatically. You will need to confirm the successful creation of these roles.
Navigate to CloudFormation Outputs
  • After the stack is successfully created, go to the Outputs tab in CloudFormation
  • Copy the Role ARN: Copy the Role ARN of the Cloudnosys Role created by the CloudFormation template
Example Role ARN:
arn:aws:iam::123456789012:role/CloudnosysRole

Step 4: Connect AWS Account to Cloudnosys

Enter Role ARN
  • Paste Role ARN: Paste the Role ARN you copied earlier into the Cloudnosys Role ARN field in your Cloudnosys dashboard
  • Select Regions: Cloudnosys will prompt you to select which AWS regions to monitor
Region Selection: For comprehensive monitoring, select the critical regions where your resources reside. You can choose multiple regions if needed.

Step 5: Deploy Cloud Resources for Advanced Scanning (Optional)

If you have selected the Advanced package, you will need to deploy additional resources to enable advanced features.
CloudXray (Malware/OS Vulnerabilities)
  • Select Region: Choose the region where you want CloudXray to be orchestrated
  • Coverage: This service will scan your EC2 instances for malware and vulnerabilities
  • Account-wide: CloudXray will cover your entire AWS account
EagleEye (Real-Time Threat Detection)
  • Choose Regions: Select the region(s) for real-time threat detection
  • Resource Considerations: Real-time monitoring is resource-intensive, so choose only critical regions where high-value assets are deployed
  • Cost Management: Select only the regions where real-time monitoring is essential
Deploy the Stack
  • Click Deploy Stack: Click “Deploy Stack” to initiate the deployment of resources in your AWS account
  • Wait for Completion: This process will deploy CloudXray and EagleEye in the selected regions
  • Monitor Progress: You can monitor the deployment progress in the CloudFormation console

Step 6: Validate Connection

After deploying the resources, Cloudnosys will validate the connection to your AWS account to ensure that the IAM roles, policies, and resources are correctly configured and accessible.
Test Connection
  • Automatic Validation: Cloudnosys will run a validation test to check the permissions and access to AWS resources
  • Connection Confirmation: Once the connection is successful, Cloudnosys will confirm that your AWS account is connected and ready for monitoring

Step 7: Start Scanning Your AWS Resources

Once your AWS account is connected and validated, Cloudnosys will automatically begin scanning your AWS resources for security and compliance issues.
Initial Scan Coverage
The initial scan will check for:
  • Misconfigurations: Security misconfigurations across your AWS resources
  • IAM Roles and Policies: Overly permissive roles and policies
  • Resource Accessibility: Ensure proper access controls
  • Compliance Issues: Deviations from security best practices
Scan Results
  • Dashboard Access: Scan results will be available in the Cloudnosys dashboard
  • Alert System: You will be alerted to any issues that need attention
  • Detailed Reports: Comprehensive reports with remediation recommendations

Advanced Features (Advanced Package Only)

CloudXray Integration

CloudXray provides advanced malware and vulnerability detection:
  • Malware Scanning: Detects known malware in your EC2 instances
  • OS Vulnerability Detection: Identifies security vulnerabilities in operating systems
  • Container Scanning: Scans container images for security issues
  • Continuous Monitoring: Regular scans to detect new threats

EagleEye Integration

EagleEye provides real-time threat detection:
  • Real-time Monitoring: Continuous monitoring of your AWS environment
  • Threat Detection: Identifies suspicious activities and potential attacks
  • Alert System: Immediate alerts for security incidents
  • Incident Response: Automated response to detected threats

Security Best Practices

IAM Security

  • Principle of Least Privilege: Cloudnosys uses minimal required permissions
  • Read-only Access: No write permissions to your AWS resources
  • Secure Communication: All communication is encrypted
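
The read-only and least-privilege statements above can be checked against the role the CloudFormation stack created (for example arn:aws:iam::123456789012:role/CloudnosysRole). The following is an added example, not Cloudnosys code: it audits a role's trust and permissions policy documents offline. The prefix list, the sample policies and the account ID 111122223333 are constructed, and the sts:ExternalId check is a general AWS cross-account recommendation rather than something this page states about the Cloudnosys template.

```python
# Added example: audit a cross-account role's policies offline (constructed data).
READ_PREFIXES = ("get", "list", "describe", "view", "lookup", "search", "batchget")

def as_list(value):
    return value if isinstance(value, list) else [value]

def non_read_only_actions(policy):
    """Return Allow-ed actions whose name does not start with a read-style prefix."""
    flagged = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            flagged.append("NotAction")
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2].lower()  # "" for a bare "*"
            if not name.startswith(READ_PREFIXES):
                flagged.append(action)
    return flagged

def trust_findings(trust):
    """Flag trust statements open to any principal or lacking sts:ExternalId."""
    findings = []
    for stmt in as_list(trust["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = [principal] if isinstance(principal, str) else as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append("wildcard principal")
        keys = [k.lower() for op in stmt.get("Condition", {}).values() for k in op]
        if aws and "sts:externalid" not in keys:
            findings.append("no sts:ExternalId condition")
    return findings

# Constructed sample documents, shaped like the policy JSON returned by the IAM API.
SAMPLE_TRUST = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},  # placeholder vendor account
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}
SAMPLE_PERMISSIONS = {"Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "iam:List*", "s3:GetBucketPolicy", "s3:PutBucketPolicy"]}]}

if __name__ == "__main__":
    print("trust:", trust_findings(SAMPLE_TRUST) or "ok")
    print("non-read-only:", non_read_only_actions(SAMPLE_PERMISSIONS))
```

A read-style prefix does not make an action harmless: actions such as s3:GetObject and secretsmanager:GetSecretValue read data, so review the actions that pass as well as the ones that are flagged.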

Data Protection

  • Encryption: All data is encrypted in transit and at rest
  • Data Retention: Limited data retention for security purposes
  • Compliance: Meets SOC 2, ISO 27001, and other security standards

Troubleshooting

Common Issues

  • Permission Errors: Ensure IAM roles have sufficient permissions
  • Region Access: Verify that selected regions are accessible
  • Resource Limits: Check for any AWS service limits
  • Network Issues: Ensure proper VPC and security group configuration

Getting Help

If you encounter issues during setup:
  • Check Logs: Review CloudFormation stack events for errors
  • Verify Permissions: Ensure your AWS account has necessary permissions
  • Contact Support: Reach out to Cloudnosys support team
  • Schedule Demo: Request a technical demo for assistance

Conclusion

By following this guide, you’ll successfully integrate your AWS account with Cloudnosys, enabling automated scanning, real-time monitoring, and compliance reporting. Whether you’re using the Basic or Advanced package, Cloudnosys will help you secure your AWS environment and stay compliant with industry standards.