Amazon Web Services (AWS)
  • 05 Dec 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Amazon Web Services (AWS)

  • Dark
    Light
  • PDF

Article summary

Amazon Web Services (AWS) adapter includes a broad set of global cloud-based products. It supports EC2, ECS, EKS, IAM, EBS, ELB, RDS, S3, VPC, Workspaces, Lambda, Route 53 and more.

Types of Assets Fetched

This adapter fetches the following types of assets and services:

Asset TypeFetched Services
AccountsOrganizations (Accounts)
Alerts/IncidentsCloud Watch Alarm, Guard Duty
Application ServicesElastic Cache Replication Groups, Sagemaker, SNS
CertificatesACM
Compute ImagesAWS Snapshot
Compute ServicesASG, Athena, EKS, ECR, Outposts
ConfigurationsSSM Parameters
ContainersECS
DatabasesRDS, Redshift, DynamoDB
DevicesECS, EC2, ELB, Kinesis Analytics, Kinesis Data Stream, Light Sail, SSM
* The following services are fetched as Legacy Devices: API Gateways, App Stream, Athena, Backup Plan, Cloud Front, ECR, Elastic Cache Cluster, Elastic Search, FSX, Global Accelerator, Glue, Internet Gateway, Lambda, NAT, Organizations (Accounts), RDS, Redshift, Elastic Cache Replication Groups, Route53, RouteTable, S3, Sagemaker, SecretManager, SNS, SQS, Transit Gateway, VPC, VPN
DisksVolume
GroupsGroup, IdentityStore Group
File SystemsFSX
Firewall RulesSecurityGroup
Load BalancersELB
NetworksVPC
Network ServicesCloud Front, Direct Connect, Global Accelerator, Internet Gateway, NAT, Route53, RouteTable, Transit Gateway, VPN
Object StorageS3
RolesRole
SecretsSecretManager
Serverless FunctionsLambda, StepFunctions
UsersApp Stream User, Groups (Legacy User), IAM Root User, Identity Store User, Policy, Role (Legacy User), Regular IAM user


About AWS

Amazon Web Services is one of the most comprehensive and broadly adopted public cloud platforms, allowing users to easily deploy virtual machines and networks, as well as access over 200 native AWS services.

Use cases the adapter solves
Connecting AWS to Axonius gives you the ability to quickly and accurately catalog key resources within your AWS public cloud across your entire AWS Organization. AWS data within Axonius can be used to review resource/region usage, analyze access policies for users or other AWS principals, and evaluate the configuration of different resources to ensure they adhere to industry best practices.

Data retrieved by AWS
The AWS adapter is capable of pulling in both device and user data. There are many options available to fine-tune what data is collected. Axonius can fetch device and user data from the following AWS services:

  • Elastic Cloud Compute (EC2)

  • Identity and Access Management (IAM)

  • Elastic Kubernetes Service/Elastic Container Service (EKS/ECS)

  • ElasticSearch

  • Elastic Load Balancers

  • AWS Systems Manager (SSM)

  • Relational Database Service (RDS)

  • Simple Storage Service (S3)

  • Cloudtrail

  • Workspaces

  • Lambda

  • Route53

  • Organizations

  • WAF/WAFv2

  • Amazon Certificate Manager (ACM)

  • DynamoDB

  • Inspector

  • SecurityHub

  • API Gateway

Related Enforcement Actions
Axonius has several useful enforcement actions for AWS to assist with managing EC2 instance power states, tagging, and also installed software via SSM.
AWS - Start/Stop EC2 Instances
AWS - Add Tags to Resource
AWS - Delete or Suspend IAM Users
AWS - Remove Tags from Resource
AWS - Install Software Using SSM
AWS - Patch Software Using SSM


This section contains the following topics:


Was this article helpful?