Onboard an Alibaba Cloud Account
After InsightCloudSec is successfully installed, you're ready to start harvesting data from your Accounts, which requires configuring Alibaba Cloud to "talk" with InsightCloudSec securely. As your inventory grows and your cloud accounts are fully visible, you can then begin to leverage the rest of InsightCloudSec, including Insights, Bots, Layered Context, and more.
This page and the functionality detailed here refer to the provider-specific Accounts capability available under Cloud > Cloud Accounts.
Opening the Cloud Account Onboarding Interface
Before you can begin the onboarding process, you'll need to navigate to the Cloud Account Onboarding interface, which provides a different experience depending on the type of user you are:
User | Description | Experience |
---|---|---|
First-time User | InsightCloudSec is freshly deployed and this will be the first time a Cloud Service Provider (CSP) has been onboarded. | Platform Users: Onboarding wizard launched from Platform Home by clicking the InsightCloudSec tile. InsightCloudSec Only Users: The onboarding wizard appears automatically after logging in using your unique InsightCloudSec URL. |
Returning User | InsightCloudSec has one or more CSPs already onboarded and you would like to add a new account. | Launched from within InsightCloudSec. Not a wizard. |
Admin User | You can login to the cloud provider and have the appropriate access to grant InsightCloudSec access to your account(s). | As an admin, you will need to complete some specific tasks within your Cloud Service Provider's (CSP) console to generate details needed for onboarding that either you or a non-admin user can input to InsightCloudSec. |
Non-Admin User | You can interact with InsightCloudSec and would like to onboard an account(s) but do not have the appropriate CSP access to grant InsightCloudSec access to your account(s). | You will need to copy and send a message to the admin asking them to complete specific tasks and provide you with the information you need to complete onboarding. |
Onboarding an Alibaba Cloud Account
A couple methods for onboarding your Alibaba Cloud Accounts are available depending on whether you're a non-admin or admin user.
Resuming cloud onboarding to InsightCloudSec
If you close the interface before completing Account onboarding, you can resume onboarding from the page you were on last.
Non-Admin User Instructions
Ask an admin for required information
As a non-admin user, you need to copy and send a message to the admin asking them to complete specific tasks and provide you with the information needed to complete onboarding.
First-time Users
- Login to InsightCloudSec using one of the methods below:
- In the Insight Platform, click InsightCloudSec to launch the onboarding wizard.
- Open a browser window to your unique InsightCloudSec URL and login. The onboarding wizard will appear automatically.
- On the Welcome screen, review key features and capabilities, then click Onboard a Cloud Account.
- On the Cloud Service Providers screen, select Alibaba Cloud.
- Select No - Help me identify the details needed, then click Next.
- Click the Copy button in the Alibaba Cloud Admin Instructions text box and share them with the admin.
Returning Users
- Login to InsightCloudSec using one of the methods below:
- In the Insight Platform, click the InsightCloudSec tile.
- Open a browser window to your unique InsightCloudSec URL and login.
- Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
- Click the + Add Cloud button in the top right-hand corner.
- Click the Alibaba Cloud button.
- Click Don't have admin access? in the bottom right-hand corner of the window.
- Click the Copy button in the Alibaba Cloud Admin Instructions text box and share them with the admin.
Finalize the Connection
When your admin has completed their steps and provided the information to you, you can now connect the Account.
First-time Users
- Return to InsightCloudSec using one of the methods below:
- In the Insight Platform, click InsightCloudSec to launch the onboarding wizard.
- Open a browser window to your unique InsightCloudSec URL and login. The onboarding wizard will appear automatically.
- The wizard should automatically return you to the Alibaba Cloud Admin Instructions page.
- Enter the following information (provided by your admin):
- Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
- Copy/paste the Access Key ID and Access Key Secret.
- Click Connect Account.
Returning Users
- Login to InsightCloudSec using one of the methods below:
- In the Insight Platform, click the InsightCloudSec tile.
- Open a browser window to your unique InsightCloudSec URL and login.
- Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
- Click the + Add Cloud button in the top right-hand corner.
- Click the Alibaba Cloud button.
- Click Don't have admin access? in the bottom right-hand corner of the window.
- Enter the following information (provided by your admin):
- Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
- Copy/paste the Access Key ID and Access Key Secret.
- Click Connect Account.
Admin User Instructions
As an admin, you must prepare your Account(s) for the connection with InsightCloudSec by creating a Resource Access Management (RAM) policy and assigning it to a new user. For more information on the custom roles that InsightCloudSec provides, review Alibaba Cloud Overview & Support.
Providing details to a non-admin user?
If you are providing details to a non-admin user to onboard the Account, ensure that the credentials you share with the non-admin user will include the appropriate access and enable them to connect your account with InsightCloudSec successfully. We recommend using a secure file sharing system to provide credentials to your non-admin user.
Alibaba Cloud Admin Onboarding Prerequisites
- Domain Admin permissions within InsightCloudSec
- An existing Alibaba Cloud account with the appropriate access to grant InsightCloudSec access to your cloud account(s)
Prepare Alibaba Cloud for Onboarding
To onboard an account for Alibaba Cloud you need to complete the following set of instructions:
Step 1: Create a RAM policy
- Login to the Alibaba Cloud console using the account you would like to connect to InsightCloudSec.
- From the Products and Services menu, in the Operations and Maintenance section, click Resource Access Management.
- In the RAM navigation menu, in the Policies section, click Policies.
- Click Create Policy, and then click JSON.
- In the JSON section, paste the details from the InsightCloudSec Read Only RAM JSON Policy. This Read-Only policy contains only read permissions for the Alibaba Cloud resources that InsightCloudSec supports.
- Click edit policy information, and enter a name.
- Click OK to finalize your RAM policy and then verify that your policy was successfully created under the Policies section.
Step 2: Create a new user
- In the RAM navigation menu, in the Identity section, click Users.
- Click Create User.
- Enter a logon name.
- In the Access Mode section, click OpenAPI Access.
- Click OK to finalize the creation of the user.
- Copy the Access Key ID and Access Key Secret for use in connecting the account in InsightCloudSec.
- Copy the field values to a secure location.
- Download a CSV file of the information and store in a secure location.
Step 3: Assign the RAM policy to the new user
- In the RAM navigation menu, in the Identity section, click Users.
- Select the user you just created.
- In the Basic Information section, on the Permissions > Individual, click Grant Permission.
- For the policy type, click Custom Policy.
- Select the RAM policy you just created.
- Click OK to finalize the changes.
- Confirm that permissions have been authorized, and click Complete.
- Review the user details to confirm that the policy permissions have been added correctly.
Connect the Account
After you generate the details necessary in Alibaba Cloud for onboarding, connect the account in InsightCloudSec.
First-time Users
- Login to InsightCloudSec using one of the methods below:
- In the Insight Platform, click InsightCloudSec to launch the onboarding wizard.
- Open a browser window to your unique InsightCloudSec URL and login. The onboarding wizard will appear automatically.
- On the Welcome screen, review key features and capabilities, then click Onboard a Cloud Account.
- On the Cloud Service Providers screen, select Alibaba Cloud.
- Select Yes - I have root user access..., then click Next.
- Skip to 2. Roles and enter the following:
- Copy/paste the Access Key ID and Access Key Secret.
- Click Next to proceed to 3. Finalize Connection.
- Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
- Click Connect Account.
Returning Users
- Login to InsightCloudSec using one of the methods below:
- In the Insight Platform, click the InsightCloudSec tile.
- Open a browser window to your unique InsightCloudSec URL and login.
- Navigate to Cloud > Cloud Accounts in the left-hand navigation menu.
- Click the + Add Cloud button in the top right-hand corner.
- Click the Alibaba Cloud button.
- Skip to 2. Roles and enter the following:
- Copy/paste the Access Key ID and Access Key Secret.
- Click Next to proceed to 3. Finalize Connection.
- Copy/paste the Nickname for the Account. This is a unique value that will be used to search Accounts across the system based on an identifiable label.
- Click Connect Account.
Success! You onboarded an Account
Congratulations on successfully onboarding an Alibaba Cloud Account! InsightCloudSec will now detect if there are any missing permissions that could cause impaired visibility into your Account. For information about modifying an existing onboarded account, check out the Cloud Account Setup & Management page.