Set up and Manage Cloud Accounts
InsightCloudSec currently supports adding a cloud account from the following Cloud Service Providers (CSPs):
- Amazon Web Services
- Google Cloud Platform
- Microsoft Azure
- Oracle Cloud Infrastructure (OCI)
- Alibaba Cloud
Organization support
InsightCloudSec also supports adding an organization for AWS, Azure, and GCP. Adding an organization is a process that is similar to adding a cloud account.
Account onboarding experience by role
Before you can begin the onboarding process, you'll need to navigate to the Cloud Account Onboarding interface, which provides a different experience depending on the type of user you are:
User | Description | Experience |
---|---|---|
First-time User | InsightCloudSec is freshly deployed and this will be the first time a Cloud Service Provider (CSP) has been onboarded. | Platform Users: Onboarding wizard launched from Platform Home by clicking the InsightCloudSec tile. InsightCloudSec Only Users: The onboarding wizard appears automatically after logging in using your unique InsightCloudSec URL. |
Returning User | InsightCloudSec has one or more CSPs already onboarded and you would like to add a new account. | Launched from within InsightCloudSec. Not a wizard. |
Admin User | You can login to the cloud provider and have the appropriate access to grant InsightCloudSec access to your account(s). | As an admin, you will need to complete some specific tasks within your Cloud Service Provider's (CSP) console to generate details needed for onboarding that either you or a non-admin user can input to InsightCloudSec. |
Non-Admin User | You can interact with InsightCloudSec and would like to onboard an account(s) but do not have the appropriate CSP access to grant InsightCloudSec access to your account(s). | You will need to copy and send a message to the admin asking them to complete specific tasks and provide you with the information you need to complete onboarding. |
Onboarding an account
As a first-time user (admin or non-admin), the cloud account onboarding wizard automatically launches when you open InsightCloudSec. Otherwise, you can add a cloud from the Clouds > Cloud Accounts. Select the CSP you want to onboard and follow the on-screen instructions to configure and connect the account:
Managing existing cloud accounts
After you connect one or more cloud accounts, you can manage and review specific cloud account details.
View cloud accounts
- Go to Cloud > Cloud Accounts > Listing.
- To view details for a specific cloud account, including accounts that are part of a Cloud Organization, click the account name.
Remove cloud accounts
Users with the appropriate permissions can remove a cloud account from InsightCloudSec through the Clouds Listing page. If the account you're removing is part of an existing CSP Organization that is recognized by InsightCloudSec, the account ID will be automatically added to that organization's skip list so the account will not be harvested in the future. Removing an account will only remove visibility of it from InsightCloudSec. To permanently remove a cloud account, you'll need to delete it from the CSP's console or API.
To remove an account from InsightCloudSec:
- Go to Cloud > Cloud Accounts and click the account you want to remove.
- On the Settings tab, click Remove Cloud Account to remove the target cloud account from the InsightCloudSec application.
Cloud Organizations
In InsightCloudSec, the Organizations tab is where you manage your connected cloud service provider-based organization(s), available from Cloud > Cloud Accounts and click the Organizations tab. This section of the tool allows you to add and remove CSP-related Organizations and update configuration information for existing ones.
Cloud Organizations should not be confused with the InsightCloudSec-specific Organizations capability that allows for multi-tenant functionality available under Settings > System Administration > ICS Organizations.
Account Discovery
After completing the onboarding wizard for an organization, InsightCloudSec can automatically detect its member accounts and then you can automatically onboard them. Review the CSP-specific onboarding pages for more information:
Modifying an organization
To modify account discovery or configuration details:
- Go to Cloud > Cloud Accounts > Organizations.
- Click Action next to the organization you want to modify.
- Click Manage Organization.
- Modify the fields as necessary.
- Click Save.
Delete an organization
This will not delete the Organization within the associated Cloud Service Provider. It will just stop harvesting information for the Organization (and its child accounts) and delete it from InsightCloudSec.
- Go to Cloud > Cloud Accounts > Organizations.
- Click Action next to the organization you want to delete.
- Click Delete Organization.