Required Policies

Modified on Thu, 5 Sep at 7:22 PM

In the CloudDefense Cloud Security platform, we need different types of permission for different purposes. We basically need permission for:

  1. Adding any Cloud account

  2. For auto-remediation on cloud misconfigurations

  3. To run Workload scan on your Computes like EC2, containers, etc.

  4. For Threat Detection

Here is a breakdown of the AWS permission and policies we need:

We may ask for a few AWS-managed policies to be attached to the AWS IAM user. Here is the list of required policies for AWS:

Module
AWS Policies
Type
Account Addition
SecurityAudit, AWSSSODirectoryReadOnly
Read
Workload Scan
AmazonEc2FullAccess
Write
Auto Remediation
Write Access for the specified resources
Write
Threat Detection
AmazonS3ReadOnlyAccess
Read


 

SecurityAudit:

This is a ReadOnly permission. The user with this policy monitors accounts for compliance with security requirements. This user can access logs and events to investigate potential security breaches or potentially malicious activity. Learn more about this by clicking here


Why we need it:

To access your resources and evaluate them in detail we need ReadOnly access to your resources. That’s why we need this policy with a minimal level of access. 


AWSSSODirectoryReadOnly:

This readOnly permission will be used to get information about your AWS Identity center.


AmazonEc2FullAccess

This policy grants permissions that allow full access to Amazon EC2. See the full access here:  AmazonEC2FullAccess


Why we need it:

To perform a workload scan on your compute machines, we need Write access to your EC2s.


AmazonS3ReadOnlyAccess:

We need this ReadOnly access to read the data from your S3 buckets.

 
PS: To add AWS account using CloudFormatiion Template, make sure the IAM user you'll use to create the CloudFormation Stack has the following permissions attached - AmazonSNSFullAccess,
AWSCloudFormationFullAccess and IAMFullAccess.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article