Amazon Web Services (AWS)

Amazon Web Services (AWS) adapter includes a broad set of global cloud-based products. It supports EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.

About AWS

Amazon Web Services is one of the most comprehensive and broadly adopted public cloud platforms, allowing users to easily deploy virtual machines and networks, as well as access over 200 native AWS services.

Use cases the adapter solves
Connecting AWS to Axonius gives you the ability to quickly and accurately catalog key resources within your AWS public cloud across your entire AWS Organization. AWS data within Axonius can be used to review resource/region usage, analyze access policies for users or other AWS principals, and evaluate the configuration of different resources to ensure they adhere to industry best practices.

Types of Assets Fetched

This adapter fetches the following types of assets and AWS services:

Asset TypeFetched AWS Services
AccountsOrganizations (Accounts)
Alerts/IncidentsCloud Watch Alarm, Guard Duty
Application ServicesElastic Cache Replication Groups, Sagemaker, SNS
CertificatesAmazon Certificate Manager (ACM)
Compute ImagesAWS Snapshot
Compute ServicesASG, Athena, Elastic Kubernetes Service (EKS), ECR, Outposts
ConfigurationsAWS Systems Manager (SSM) Parameters
ContainersECS
DatabasesRelational Database Service (RDS), Redshift, DynamoDB
DevicesElastic Container Service (ECS), Elastic Cloud Compute (EC2), ELB, Kinesis Analytics, Kinesis Data Stream, Light Sail, SSM
  • The following services are fetched as Legacy Devices: API Gateways, App Stream, Athena, Backup Plan, Cloud Front, ECR, Elastic Cache Cluster, Elastic Search, FSX, Global Accelerator, Glue, Internet Gateway, Lambda, NAT, Organizations (Accounts), RDS, Redshift, Elastic Cache Replication Groups, Route53, RouteTable, S3, Sagemaker, SecretManager, SNS, SQS, Transit Gateway, VPC, VPN, Workspaces
DisksVolumes, Orphan EBS Volumes
GroupsGroup, IdentityStore Group
ExpensesAWS Cost Explorer
File SystemsEFS, FSX
Network/Firewall RulesSecurityGroup, WAF devices
Load BalancersELB
NetworksVPC
Network ServicesCloud Front, Direct Connect, Global Accelerator, Internet Gateway, NAT, Route53, RouteTable, Transit Gateway, VPN
Object StorageSimple Storage Service (S3), S3 Outpost
RolesRole
SecretsSecretManager
Serverless FunctionsLambda, StepFunctions
UsersApp Stream User, Groups (Legacy User), IAM Root User, Identity Store User, Policy, Role (Legacy User), Regular IAM user
📘

Note

The AWS adapter also fetches Inspector and Security Hub and uses them as data enrichment sources for other services fetched as assets, for example: enriching vulnerability data for EC2, ECR, Lambda, and other services.

Related Enforcement Actions

Axonius has several useful enforcement actions for AWS to assist with managing EC2 instance power states, tagging, and also installed software via SSM.


This section contains the following topics:


Did this page help you?