Skip to main content

SaaS Overview

AWS CloudScanner SaaS is a deployment model in which Upwind manages the CloudScanner infrastructure on your behalf. Upwind runs the scanning infrastructure in an isolated, Upwind-managed AWS account dedicated to your scanning operations.

During onboarding, you provision a set of IAM roles in your AWS Organization. These roles allow Upwind to discover your accounts, fetch resource information, identify eligible resources, and execute the scan workflow through secure cross-account access. No compute, Auto Scaling Groups, or Lambda functions are deployed inside your environment.

This allows you to get full value from Upwind with minimal setup on your side.

What's in This Section

  • Architecture: covers the components and accounts involved in the SaaS architecture, and explains how they interact during scanning.
  • Prerequisites: lists the requirements that must be in place before starting the onboarding process.
  • Onboarding Flow: step-by-step instructions for connecting your AWS Organization to Upwind using the SaaS deployment model.
  • Glossary: defines the key terms, parameters, and resources you encounter during onboarding.
  • Troubleshooting: covers common issues that may occur during onboarding, with guidance on how to identify and resolve them.