Amazon Web Services (AWS)
- Updated on 05 Dec 2024
Amazon Web Services (AWS) includes a broad set of global cloud-based products. The adapter supports EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
Types of Assets Fetched
This adapter fetches the following types of assets and services:
Asset Type | Fetched Services |
---|---|
Accounts | Organizations (Accounts) |
Alerts/Incidents | Cloud Watch Alarm, Guard Duty |
Application Services | Elastic Cache Replication Groups, Sagemaker, SNS |
Certificates | ACM |
Compute Images | AWS Snapshot |
Compute Services | ASG, Athena, EKS, ECR, Outposts |
Configurations | SSM Parameters |
Containers | ECS |
Databases | RDS, Redshift, DynamoDB |
Devices | ECS, EC2, ELB, Kinesis Analytics, Kinesis Data Stream, Light Sail, SSM * The following services are fetched as Legacy Devices: API Gateways, App Stream, Athena, Backup Plan, Cloud Front, ECR, Elastic Cache Cluster, Elastic Search, FSX, Global Accelerator, Glue, Internet Gateway, Lambda, NAT, Organizations (Accounts), RDS, Redshift, Elastic Cache Replication Groups, Route53, RouteTable, S3, Sagemaker, SecretManager, SNS, SQS, Transit Gateway, VPC, VPN |
Disks | Volume |
Groups | Group, IdentityStore Group |
File Systems | FSX |
Firewall Rules | SecurityGroup |
Load Balancers | ELB |
Networks | VPC |
Network Services | Cloud Front, Direct Connect, Global Accelerator, Internet Gateway, NAT, Route53, RouteTable, Transit Gateway, VPN |
Object Storage | S3 |
Roles | Role |
Secrets | SecretManager |
Serverless Functions | Lambda, StepFunctions |
Users | App Stream User, Groups (Legacy User), IAM Root User, Identity Store User, Policy, Role (Legacy User), Regular IAM user |
About AWS
Amazon Web Services is one of the most comprehensive and broadly adopted public cloud platforms, allowing users to easily deploy virtual machines and networks, as well as access over 200 native AWS services.
Use cases the adapter solves
Connecting AWS to Axonius gives you the ability to quickly and accurately catalog key resources within your AWS public cloud across your entire AWS Organization. AWS data within Axonius can be used to review resource/region usage, analyze access policies for users or other AWS principals, and evaluate the configuration of different resources to ensure they adhere to industry best practices.
Data retrieved by AWS
The AWS adapter is capable of pulling in both device and user data. There are many options available to fine-tune what data is collected. Axonius can fetch device and user data from the following AWS services:
- Elastic Cloud Compute (EC2)
- Identity and Access Management (IAM)
- Elastic Kubernetes Service/Elastic Container Service (EKS/ECS)
- ElasticSearch
- Elastic Load Balancers
- AWS Systems Manager (SSM)
- Relational Database Service (RDS)
- Simple Storage Service (S3)
- CloudTrail
- Workspaces
- Lambda
- Route53
- Organizations
- WAF/WAFv2
- Amazon Certificate Manager (ACM)
- DynamoDB
- Inspector
- SecurityHub
- API Gateway
Related Enforcement Actions
Axonius has several useful enforcement actions for AWS that help manage EC2 instance power states, tagging, and installed software via SSM:
- AWS - Start/Stop EC2 Instances
- AWS - Add Tags to Resource
- AWS - Delete or Suspend IAM Users
- AWS - Remove Tags from Resource
- AWS - Install Software Using SSM
- AWS - Patch Software Using SSM
This section contains the following topics:
- Connecting the AWS Adapter Using CloudFormation/Organizations - How to configure Axonius if you're using the AWS Organizations service to manage your AWS accounts.
- Parameters - The general parameters to configure to work with the Amazon Web Services (AWS) adapter.
- Advanced Settings - Explanation of all Advanced Configuration Settings for the AWS adapter.
- Advanced Configuration File - Information about an advanced configuration JSON file that you can upload.
- Configuring an S3 Bucket to use with Axonius - Setting up an S3 bucket to save files on AWS S3 buckets.
- Connecting the AWS Adapter Using an IAM User - Connecting the adapter using an IAM user and an EC2 instance.
- AWS Permissions - A summary of permissions that Axonius requires to fetch various AWS resources.