Amazon Web Services (AWS) adapter includes a broad set of global cloud-based products. It supports EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.
About AWS
Amazon Web Services is one of the most comprehensive and broadly adopted public cloud platforms, allowing users to easily deploy virtual machines and networks, as well as access over 200 native AWS services.
Use cases the adapter solves
Connecting AWS to Axonius gives you the ability to quickly and accurately catalog key resources within your AWS public cloud across your entire AWS Organization. AWS data within Axonius can be used to review resource/region usage, analyze access policies for users or other AWS principals, and evaluate the configuration of different resources to ensure they adhere to industry best practices.
Types of Assets Fetched
This adapter fetches the following types of assets and AWS services:
| Asset Type | Fetched AWS Services |
|---|---|
| Accounts | Organizations (Accounts) |
| Alerts/Incidents | Cloud Watch Alarm, Guard Duty |
| Application Services | Elastic Cache Replication Groups, Sagemaker, SNS |
| Certificates | Amazon Certificate Manager (ACM) |
| Compute Images | AWS Snapshot |
| Compute Services | ASG, Athena, Elastic Kubernetes Service (EKS), ECR, Outposts |
| Configurations | AWS Systems Manager (SSM) Parameters |
| Containers | ECS |
| Databases | Relational Database Service (RDS), Redshift, DynamoDB |
| Devices | Elastic Container Service (ECS), Elastic Cloud Compute (EC2), ELB, Kinesis Analytics, Kinesis Data Stream, Light Sail, SSM * The following services are fetched as Legacy Devices: API Gateways, App Stream, Athena, Backup Plan, Cloud Front, ECR, Elastic Cache Cluster, Elastic Search, FSX, Global Accelerator, Glue, Internet Gateway, Lambda, NAT, Organizations (Accounts), RDS, Redshift, Elastic Cache Replication Groups, Route53, RouteTable, S3, Sagemaker, SecretManager, SNS, SQS, Transit Gateway, VPC, VPN, Workspaces |
| Disks | Volumes, Orphan EBS Volumes |
| Groups | Group, IdentityStore Group |
| File Systems | EFS, FSX |
| Network/Firewall Rules | SecurityGroup |
| Load Balancers | ELB |
| Networks | VPC |
| Network Services | Cloud Front, Direct Connect, Global Accelerator, Internet Gateway, NAT, Route53, RouteTable, Transit Gateway, VPN |
| Object Storage | Simple Storage Service (S3) |
| Roles | Role |
| Secrets | SecretManager |
| Serverless Functions | Lambda, StepFunctions |
| Users | App Stream User, Groups (Legacy User), IAM Root User, Identity Store User, Policy, Role (Legacy User), Regular IAM user |
The AWS adapter also fetches Inspector and Security Hub and uses them as data enrichment sources for other services fetched as assets, for example: enriching vulnerability data for EC2, ECR, Lambda, and other services.
Related Enforcement Actions
Axonius has several useful enforcement actions for AWS to assist with managing EC2 instance power states, tagging, and also installed software via SSM.
AWS - Start/Stop EC2 Instances
AWS - Add Tags to Resource
AWS - Delete or Suspend IAM Users
AWS - Remove Tags from Resource
AWS - Install Software Using SSM
AWS - Patch Software Using SSM
This section contains the following topics:
- Connecting the AWS Adapter Using CloudFormation/Organizations - How to configure Axonius if you're using the AWS Organizations service to manage your AWS accounts.
- Parameters - The general parameters to configure to work with the Amazon Web Service (AWS) adapter.
- Advanced Settings - Explanation of all Advanced Configuration Settings for the AWS adapter.
- Advanced Configuration File - Information about an advanced configuration JSON file that you can upload.
- Configuring an S3 Bucket to use with Axonius - Setting up an S3 bucket to save files on AWS S3 buckets.
- Connecting the AWS Adapter Using an IAM User - Connecting the adapter using an IAM user and an EC2 instance.
- AWS Permissions - A summary of permissions that Axonius requires to fetch various AWS resources.