CIEM Policy auto-recommendation setup

Modified on Wed, 16 Oct at 12:09 AM

Note: If CloudTrail is already configured to log events to an S3 bucket, Step 1 can be skipped; start directly with Step 2.

  • Step 1: Creating a CloudTrail on AWS

  • Event Types:
    Select the following event types:

    • Management Events

    • Data Events

    • Insight Events


  • Management Events Settings:
    Under API Activity, ensure you select both:

    • Read

    • Write


  • S3 Bucket:
    Take note of the S3 bucket used as the destination for your CloudTrail logs.


  • Step 2: CloudDefense.AI Platform - CIEM Integration

  • In the CIEM tab, click on the Configure Policy Recommendation button.

  • Provide the S3 bucket name used for CloudTrail logs and specify the AWS region for which the CIEM access recommendations will be calculated.


  • Using a Single S3 Bucket for Multiple Regions:
    If you are using the same S3 bucket for CloudTrail logs across multiple AWS regions, you can configure multiple accounts under Configure Policy Recommendation. Use the same bucket name but specify different regions.


This configuration will analyze user access for the selected regions and generate tailored policy recommendations.
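
Before entering the bucket and region in the platform, an existing trail can be checked against the settings listed above. The following is an added example, not CloudDefense.AI's code: `audit_trail` is a hypothetical helper, the sample responses are constructed to match the shape of the AWS CLI output named in the comments, and the region-coverage check is an assumption about what the integration needs.

```python
# Constructed sample responses shaped like the output of `aws cloudtrail describe-trails`,
# `get-event-selectors` and `get-insight-selectors`; names and bucket are placeholders.
TRAIL = {"Name": "example-trail", "S3BucketName": "example-cloudtrail-logs",
         "HomeRegion": "us-east-1", "IsMultiRegionTrail": False}
SELECTORS = {"EventSelectors": [{"ReadWriteType": "WriteOnly",
                                 "IncludeManagementEvents": True, "DataResources": []}]}
INSIGHTS = {"InsightSelectors": []}


def audit_trail(trail, selectors, insights, bucket, region):
    """Return the gaps between a trail and the settings this guide asks for."""
    gaps = []
    if trail.get("S3BucketName") != bucket:
        gaps.append(f"trail writes to {trail.get('S3BucketName')!r}, not {bucket!r}")
    # Assumption: a single-region trail only helps for its own home region.
    if not trail.get("IsMultiRegionTrail") and trail.get("HomeRegion") != region:
        gaps.append(f"trail does not cover region {region}")

    mgmt_rw, has_data = set(), False
    for sel in selectors.get("EventSelectors") or []:        # basic selectors
        if sel.get("IncludeManagementEvents", True):
            mgmt_rw.add(sel.get("ReadWriteType", "All"))
        if sel.get("DataResources"):
            has_data = True
    for sel in selectors.get("AdvancedEventSelectors") or []:  # advanced selectors
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        category = fields.get("eventCategory", {}).get("Equals", [])
        if "Management" in category:
            ro = fields.get("readOnly", {}).get("Equals")   # absent means read and write
            mgmt_rw.add("All" if ro is None else "ReadOnly" if ro == ["true"] else "WriteOnly")
        if "Data" in category:
            has_data = True

    if not mgmt_rw:
        gaps.append("management events are not logged")
    elif "All" not in mgmt_rw and mgmt_rw != {"ReadOnly", "WriteOnly"}:
        gaps.append(f"management events are {'/'.join(sorted(mgmt_rw))}; need Read and Write")
    if not has_data:
        gaps.append("data events are not logged")
    if not insights.get("InsightSelectors"):
        gaps.append("Insights events are not enabled")
    return gaps


if __name__ == "__main__":
    for gap in audit_trail(TRAIL, SELECTORS, INSIGHTS, "example-cloudtrail-logs", "us-east-1"):
        print("GAP:", gap)
```

An empty list means the trail matches the event types, Read/Write setting and bucket described in this article.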
