Amazon Web Services (AWS)
Overview
AWS organizational onboarding enables customers to seamlessly connect their AWS organizations to Upwind, offering centralized visibility, control, and protection for all member accounts. By leveraging the hierarchical structure of AWS organizations, this integration streamlines account management while safeguarding the entire cloud infrastructure against potential threats. It simplifies the setup and management of multiple AWS accounts by automating essential tasks such as role creation and permissions assignment.
Architecture
AWS organizational onboarding integrates AWS organizations with Upwind by using an IAM role for automated account discovery. The process also includes creating read-only access roles for security auditing and designating an administrator account for cloud scanner integration. This architecture supports centralized management and secure access across all member accounts within the organization.
Connecting an AWS organization involves three integration steps:
Step | Description | Purpose |
---|---|---|
1 | Enable account discovery across your organization. This step involves creating an IAM role to enable the discovery of all member accounts within your AWS Organization. | Account discovery |
2 | Designate an administrator account for Upwind. This step involves selecting an existing AWS account to serve as the Upwind administrator account. Within this account, an additional IAM administration role will be created. This role is essential for managing cloud scanning operations, as it grants Upwind the necessary permissions to execute tasks across all member accounts efficiently. | Cloud scanning |
3 | Enable secure read-only access to all accounts. This step involves creating IAM roles in all member accounts to ensure secure management, monitoring, and protection. If a designated administrator account is selected, necessary IAM roles will also be created to support cloud scanning operations, ensuring comprehensive management and monitoring capabilities. | Security auditing |
The diagram illustrates how to connect a new AWS organization to the Upwind platform.
Integration
The integration methods available for creating the necessary IAM roles for Upwind are as follows: