AWS Adapter Configuration for Cloud Asset Compliance
  • 08 Mar 2022
  • 1 Minute to read
  • Dark
  • PDF

AWS Adapter Configuration for Cloud Asset Compliance

  • Dark
  • PDF

Article summary

All of the Cloud Asset Compliance calculations are done as part of your discovery cycle using the same AWS accounts that were configured as part of the existing AWS adapters.

Updated AWS Policy

In order to check all benchmark rules, the AWS policy needs to be updated.

  • If you already have an AWS account/role configured in your AWS adapter, you can add following permissions to its AWS policy.


    For details on how to configure AWS Policy, see Amazon Web Services (AWS) Adapter.

  • The following JSON represents the minimum AWS policy required for Cloud Asset Compliance for AWS, which provides Axonius read-only access to resources required for checking all CIS AWS Foundation Benchmark v1.2 rules.

        "Version": "2012-10-17",
        "Statement": [
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                "Resource": "*"

Update Advanced Settings to view Affected Assets

The Affected Assets displays IAM Users, EC2 machines, and S3 buckets that are affected from AWS entities that failed the check of rules in the CIS benchmarks.
In order to display this assets the following must be enabled in the Advanced Settings in the AWS Adapter:

  • Fetch information about IAM Users
  • Fetch information about S3


Without these settings enabled, you will not be able to see the affected assets in the Devices/Users page.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.