Login
    Contents x
    AWS Advanced Settings
    • 14 Apr 2024
    • 15 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    AWS Advanced Settings

    • Updated on 14 Apr 2024
    • 15 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    The Amazon Web Services (AWS) adapter has unique, advanced settings which enable configuring the logic around correlation of the AWS cloud servers (devices) and the information Axonius will fetch for each of them. Some of these settings required specific permissions. You can learn more about required permissions here.

    Note:

    Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

    1. Fetch ECS clusters (default: true) - Select this option to fetch ECS clusters.
    2. Fetch EKS clusters (default: true) - Select this option to fetch EKS clusters.
    3. Correlate ECS containers with their EC2 Instance - Select whether to correlate ECS containers with the EC2 host they are running on.
      • If enabled, this adapter correlates ECS containers with the EC2 host they are running on.
      • If disabled, this adapter will not correlate ECS containers with the EC2 host they are running on. Such ECS and EC2 resources will be created in Axonius as two different devices.
    4. Correlate EKS containers with their EC2 Instance - Select whether to correlate EKS containers with the EC2 host they are running on.
      • If enabled, this adapter correlates EKS containers with the EC2 host they are running on.
      • If disabled, this adapter does not correlate EKS containers with the EC2 host they are running on. Such EKS and EC2 resources will be created in Axonius as two different devices.
    5. Add information about Security Hub findings to assets - Select whether to fetch information about AWS Security Hub findings.
    Note:
    • In order to fetch SecurityHub information, you must have AWSSecurityHubReadOnlyAccess permission. Additional configuration is needed. Refer to Policies for GuardDuty, Macie, and SecurityHub.
    • To fetch SecurityHub findings from more than one region, navigate to AWS and select Get All Regions.

    1. Fetch ECR Images as devices - Select to fetch AWS ECR (Elastic Container Registry) public and private images as devices.

    2. Correlate ECR hosted images with compatible containers - Select to add more information to existing AWS ECS/EKS assets.

    3. Associate role policies to users and roles - Select this option to fetch more information from Access Advisor so that you can can search for all services that a user or role has access to but they did not use within a certain number of days. This can be used to create a least access IAM policy.
      To activate this capability and fetch this information, you need to select the following additional options in the AWS Configuration Advanced Settings:

      • Fetch information about IAM users
      • Fetch IAM roles as users
      • Parse IAM policies
      • Fetch IAM User’s AWS Services
        This feature only presents data after the second discovery cycle after you enable the feature.
    • If enabled, this adapter fetches additional information from the AWS IAM service.
    • If disabled, this adapter will not fetch additional information from the AWS IAM service.
    1. Fetch information about EC2 attached roles - Select whether to fetch information about each EC2 attached roles.
      • If enabled, all connections for this adapter will fetch information about each EC2 attached role from AWS.
      • If disabled, all connections for this adapter will not fetch any information about each EC2 attached role from AWS.
    2. Add information about Guard Duty findings to assets - Select to add information about Amazon GuardDuty findings to assets.
    Note:

    To use this parameter, Axonius requires AmazonGuardDutyReadOnlyAccess permission. Additional configuration is needed. Refer to Policies for GuardDuty, Macie, and SecurityHub.

    1. Fetch FSx metadata as assets - Select to fetch Amazon FSx metadata as assets.

      Note:

      The API for FSx metadata requires the fsx:DescribeFileSystems permission.

    2. Fetch Auto Scaling Groups as assets - Select this option to fetch Auto Scaling Groups and Policies.

    3. Fetch Secret Manager information - Select to fetch Secret Manager information.

    4. Fetch VPNs - Select to fetch Site-to-Site VPNs.

    5. Fetch information about ELB (Elastic Load Balancers) - Select whether to fetch the ELB as devices and enrich the ELB with EC2/ECS information.

    6. Fetch IAM groups as users - Select this option to fetch IAM groups and create a user for each IAM group fetched.

    7. Fetch policies as users - Select this option to fetch polices and create a user for each policy fetched.

    8. Fetch information about SSM (System Manager) - Select whether to fetch additional information from AWS SSM for each host.

      • If enabled, all connections for this adapter will fetch additional information from AWS SSM for each host.
      • If disabled, all connections for this adapter will not fetch any information about AWS SSM.

    9. Fetch information about NAT Gateways - Select whether to fetch NAT gateways as devices assets.

      • If enabled, all connections for this adapter will fetch all available NAT gateways data from AWS.
      • If disabled, all connections for this adapter will not fetch any NAT gateways data from AWS.

    10. Fetch internet gateways as devices - Select whether to fetch internet gateways as devices assets.

      • If enabled, all connections for this adapter will fetch all available internet gateways data from AWS. Each internet gateway will be added as a unique device.
      • If disabled, all connections for this adapter will not fetch any internet gateways data from AWS.

    11. Fetch route tables as devices - Select whether to route tables as devices assets.

      • If enabled, all connections for this adapter will fetch all available route table data from AWS. Each route table will be added as a unique device.
      • If disabled, all connections for this adapter will not fetch any route table data from AWS.

    12. Add route tables to devices - Select whether to fetch information about route tables and add it to the appropriate devices.

      • If enabled, all connections for this adapter will fetch all route table data from AWS for the following services:
        • EC2
        • ELB
        • IGW
        • NAT
        • RDS
        • Workspaces
        • ECS - only if Correlate ECS Containers with their EC2 Instance checkbox is enabled.
        • EKS - only if Correlate EKS Containers with their EC2 Instance checkbox is enabled.
      • If disabled, all connections for this adapter will not fetch any route table data from AWS.

    13. Fetch information about Elasticsearch - Select whether to fetch information on the existing Elasticsearch instances.

      • If enabled, all connections for this adapter will fetch all existing Elasticsearch instance data from AWS.
      • If disabled, all connections for this adapter will not fetch any Elasticsearch instance data from AWS.

    14. Fetch SNS topics as devices - Select this option to fetch SNS topics as devices.

    15. Fetch SQS queues as devices - Select this option to fetch SQS queues as devices.

    16. Fetch Backup data as devices - Select this option to fetch AWS backup plans and vaults. Backup plans define the backup requirements, including backup schedules, backup retention rules and lifecycle rules.
      Backup vaults are containers where the backups are stored. Note that permissions are required for this.

    17. Fetch Direct Connect data - Select this option to fetch Direct Connect assets associated with Network Services.

    18. Fetch Glue data as devices - Select this option to fetch glue data as devices. Note that permissions are required for this.

    19. Fetch Redshift Clusters as devices - Select this option to fetch basic information about Redshift Clusters.

    20. Fetch Service Catalog - Select this option to fetch AWS Services Catalog as assets.

    21. Fetch Step Functions - Select this option to fetch AWS step functions as assets.

    22. Fetch Kinesis Data Stream - Select this option to fetch the Kinesis Data Stream.

    23. Fetch Kinesis Data Analytics - Select this option to fetch the Kinesis Data analytics as devices.

    24. Fetch ELB IP using current DNS - Select whether to resolve the IP address of each ELB using the current DNS server.

      • If enabled, all connections for this adapter will resolve the IP address of each ELB using the current DNS server.
      • If disabled, all connections for this adapter will not resolve the IP address of each ELB.
        Note:

        This setting will only take effect if the Fetch information about ELB (Elastic Load Balancers) option is selected.

    25. Fetch information about RDS (Relational Database Service) - Select whether to fetch the information on the existing Amazon RDS instances. To fetch the disk volume used by Aurora DB from RDS cloudwatch 'GetMetricStatistics' permission must be enabled.

      • If enabled, all connections for this adapter will fetch all existing Amazon RDS instance data from AWS.
      • If disabled, all connections for this adapter will not fetch any Amazon RDS instance data from AWS.

    26. Fetch information about ElastiCache cluster - Select this option to fetch information about ElastiCache cluster

    27. Fetch information about Elastic Cache Replication Groups - Select this option to fetch information about Elastic Cache Replication Groups as an asset.

    28. Fetch information about DynamoDB (NoSQL Database Service) - Select whether to fetch the information on AWS DynamoDB.

      • If enabled, all connections for this adapter will fetch information on DynamoDB from AWS.
      • If disabled, all connections for this adapter will not fetch information on DynamoDB from AWS.

    29. Fetch SageMaker notebooks as devices - Select this option to fetch SageMaker notebooks as devices.

    30. Fetch information about S3 - Select whether to fetch information on Amazon S3 buckets, such as their ACL's, locations and their public status.

      • If enabled, all connections for this adapter will fetch information about Amazon S3 buckets data from AWS.
      • If disabled, all connections for this adapter will not fetch any Amazon S3 buckets data from AWS.
      • When using the Cloud Asset Compliance, this settings is required to view Affected Devices of type S3 buckets.

    31. Add information about Macie to S3 - Select whether to fetch information obtained by Amazon Macie about S3 buckets. Additional configuration is needed. Refer to Policies for GuardDuty, Macie, and SecurityHub.

    32. Enrich S3 Buckets With Bucket Size - Select this option to enrich “S3 bucket” devices with their bucket size. Note that you have to select 'Fetch information about S3' to use this option.

    33. Fetch information about IAM Users - Select whether to fetch information about IAM users, attached groups, attached policies and access keys.

      • If enabled, all connections for this adapter will fetch information about IAM users, attached groups, attached policies and access keys.
      • If disabled, all connections for this adapter will not fetch any information about IAM users from AWS.
      • When using the Cloud Asset Compliance, this setting is required to view Affected Devices of the type IAM Users.

    34. Fetch Transit Gateways - Select to fetch transit gateways.

    35. Fetch IAM roles as users - Select whether to add IAM roles as user assets.

      • If enabled, all connections for this adapter will fetch IAM roles from AWS. Each IAM role will be added as a unique user.
      • If disabled, all connections for this adapter will not fetch IAM roles from AWS.

    36. Fetch VPCs as assets - Select whether to add VPCs as assets.

      • If enabled, all connections for this adapter will fetch VPCs from AWS. Each VPC will be added as a unique asset.
      • If disabled, all connections for this adapter will not fetch VPCs from AWS.

    37. Fetch Subnets as assets - Select this option to split the subnets of a VPC network into individual assets.

    38. Parse IAM policies - Select whether to fetch information about the privileges that are granted to each AWS IAM user by group, inline and attached IAM policies.

      • If enabled, all connections for this adapter will query each AWS IAM user to determine the privileges that are granted to it by group, inline and attached IAM policies.
      • If disabled, all connections for this adapter will not fetch information about the privileges that are granted to each AWS IAM user.

    39. Fetch IAM Users' and Roles' AWS Services - Select whether to fetch the AWS Services accessed by an IAM User or IAM Role.

      • If enabled, all connections for this adapter will fetch the AWS Services accessed by an IAM User or Role.
      • If disabled, all connections for this adapter will not fetch the AWS Services accessed by an IAM User or Role.

    40. Fetch information about Workspaces - Select whether to fetch information about Amazon Workspaces.

      • If enabled, all connections for this adapter will fetch Amazon Workspaces data from AWS.
      • If disabled, all connections for this adapter will not fetch any Amazon Workspaces data from AWS.

    41. Fetch information about Lambdas - Select whether to fetch information on AWS Lambdas.

      • If enabled, all connections for this adapter will fetch AWS Lambdas data from AWS.
      • If disabled, all connections for this adapter will not fetch any AWS Lambdas data from AWS.

    42. Fetch information about Route 53 - Select this option to fetch information on Amazon Route 53 DNS records as Network Service assets. When appropriate permissions are assigned (route53domains:ListDomains, route53domains:GetDomainDetail), this setting also enriches the devices with Domain details information.

    43. Fetch CloudWatch Alarms as Assets - Select this option to fetch CloudWatch Alarms as assets.

    44. Fetch Global Accelerators as devices - Select this option to fetch Global Accelerators as devices, note that appropriate permissions (globalaccelerator:ListAccelerators,
      globalaccelerator:ListCustomRoutingAccelerators) are required.

    45. Fetch information about Cloudfront - Select this option to fetch information about Cloudfront from AWS.

    46. Fetch CloudFormation Stacks as Assets - Select whether to fetch CloudFormation Stacks as assets.

    47. Add WAF to devices - Select whether to enrich devices with WAF information. WAF (WebAcl) versions 1 and 2 for regional and Cloudfront devices.

      • If enabled, all connections for this adapter will enrich relevant devices with WAF information.
      • If disabled, all connections for this adapter will enrich devices with WAF information.

    48. Fetch Organizations as assets - Select whether to add Organizations data as assets.

      • If enabled, all connections for this adapter will fetch Organizations data from AWS. Each Organization will be added as a unique asset.
      • If disabled, all connections for this adapter will not fetch Organizations data from AWS.

    49. Fetch information about API Gateway - Select whether to fetch AWS API Gateways and their related data.

      • If enabled, all connections for this adapter will fetch AWS API Gateways and their related data.
      • If disabled, all connections for this adapter will not fetch AWS API Gateways and their related data.

    1. Fetch Inspector Findings (required, default: Do not fetch) - Select which AWS Inspector settings to fetch. If any of the Severity filters are selected, Axonius fetches security findings about EC2 instances directly from AWS Inspector (versions 1 and 2). ECR container findings are also fetched when Fetch ECR Images as devices is selected.
      The following AWS Inspector settings are available:

      • Severity High/Medium/Low - last 30 days
      • Severity High/Medium/Low/Informational - last 30 days
      • Severity High/Medium/Low - last 7 days
      • Severity High/Medium/Low/Informational - last 7 days

    2. Fetch information about AppStream devices - Select to fetch information about AppStream devices.

    3. Fetch information about AppStream users - Select to fetch information about AppStream users.

    4. Use Cloud ID as manufacturer serial number - Select this option to use the Cloud ID as the manufacturer serial number.

    5. Shodan API key for more IP info (optional) – Specify an API key which will be used to query information about public IP addresses.

    6. Verify all IAM roles (required, default: true) - Select whether to verify all IAM roles.

      • If enabled, all connections for this adapter will verify all IAM roles. If one of the IAM roles is not valid, the adapter connection will fail.
      • If disabled, all connections for this adapter will not verify all IAM roles. Only if all the IAM roles are not valid, the adapter connection will fail.

    7. Verify primary account permissions (required, default: true) - Whether or not the primary account permissions should be used when the adapter connections fetch data from AWS.

      • If enabled, all connections for this adapter will use the primary account permissions to fetch data from AWS. If the primary account permissions are insufficient, the adapter connections will fail to fetch the data.
      • If disabled, all connections for this adapter will only use the primary account to assume the roles attached to it, and the adapter connections will use those role permissions to fetch data from AWS. This setting should be disabled only if you want to use the primary account assumed roles permissions instead of the primary account permissions when fetching assets from AWS.

    8. Do not fetch EC2 machines that are turned off - Whether or not to fetch EC2 devices whose power state is turned off.

      • If enabled, all connections for this adapter will only fetch EC2 devices whose power state is turned on.
      • If disabled, all connections for this adapter will fetch all EC2 devices, regardless of their power state.

    9. Expand AWS IAM Policies (optional, default: true) - Select whether to expand AWS IAM policies.

    10. Propagate AWS Organizations account tags to associated assets - Select to propagate all tags of each AWS account to its hosted devices. For example, if Account X has Tag Y, all devices belonging to Account X have Tag Y.

    11. Number of accounts to fetch in parallel (required, default: 5) - For all connections for this adapter, specify the number of AWS accounts Axonius will fetch data from in parallel.

    12. Parallel workers amount in users fetch (required, default: 5) - Specify the number of distributed workers (processes) to fetch data during the users fetch phase.

    13. Advanced Modes - Implemented in specific cases as instructed by Axonius team.

    14. List of tags to parse as fields (optional) - Specify a comma-separated list of tag keys to be parsed as device or user fields. Each tag is a key-value pair that is part of the Adapter Tags complex field.

      • The tag is only parsed on AWS_EC2 resource types by default.

        • Tags with case-sensitive values are supported. Enter tags with case-sensitive values with double-quotes, e.g. . aws_ec2:”DEVELOP”
        • To specify a different resource type, enter the tag name in the form aws_resource_type:tag_name
        • Example: aws_s3:bucketteam, aws_s3:bucketdept, aws_dynamodb:dbteam

      • If supplied, all connections for this adapter will parse any of the listed tags that are associated with the fetched device or user as:

        • Values of the Adapter Tags field.
        • Designated field with the name of the tag key and the value of the tag value.

      • If not supplied, all connections for this adapter will only parse all tags as values of the Adapter Tags field.

    15. Perform distributed data processing - Select to fetch and process data-intensive parts in parallel, using distribution. This option accelerates the processing stages during the fetch.

    16. Number of workers for distributed data processing (optional, default: 2) - Specify the number of workers (independent processes that run in parallel) that process data.

    17. EC2 Host Name Population (optional, default: 'Public DNS or Private DNS') - Select the EC2 hostname population. Options are:

      • Public DNS or Private DNS
      • Public DNS
      • Private DNS
      • Disable - No EC2 hostnames are populated
    Note:

    To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout