Set up and Manage Cloud Accounts
Cloud Securityloud Security (InsightCloudSec) currently supports adding a cloud account from the following Cloud Service Providers (CSPs):
- Amazon Web Services
- Google Cloud Platform
- Microsoft Azure
- Oracle Cloud Infrastructure (OCI)
- Alibaba Cloud
Cloud Security (InsightCloudSec) also supports adding an organization for AWS
Account onboarding experience by role
Before you can begin the onboarding process, you’ll need to navigate to the Cloud Account Onboarding interface, which provides a different experience depending on the type of user you are:
| User | Description | Experience |
|---|---|---|
| First-time User | Cloud Security (InsightCloudSec) is freshly deployed and this will be the first time a Cloud Service Provider (CSP) has been onboarded. | Platform Users: Onboarding wizard launched from Platform Home by clicking the Cloud Security (InsightCloudSec) tile. * Cloud Security (InsightCloudSec) Only Users:** The onboarding wizard appears automatically after logging in using your unique Cloud Security (InsightCloudSec) URL. |
| Returning User | Cloud Security (InsightCloudSec) has one or more CSPs already onboarded and you would like to add a new account. | Launched from within Cloud Security (InsightCloudSec). Not a wizard. |
| Admin User | You can login to the cloud provider and have the appropriate access to grant Cloud Security (InsightCloudSec) access to your account(s). | As an admin, you will need to complete some specific tasks within your Cloud Service Provider’s (CSP) console to generate details needed for onboarding that either you or a non-admin user can input to Cloud Security (InsightCloudSec). |
| Non-Admin User | You can interact with Cloud Security (InsightCloudSec) and would like to onboard an account(s) but do not have the appropriate CSP access to grant Cloud Security (InsightCloudSec) access to your account(s). | You will need to copy and send a message to the admin asking them to complete specific tasks and provide you with the information you need to complete onboarding. |
Onboarding an account
As a first-time user (admin or non-admin), the cloud account onboarding wizard automatically launches when you open Cloud Security (InsightCloudSec). Otherwise, you can add a cloud from the Clouds > Cloud Accounts. Select the CSP you want to onboard and follow the on-screen instructions to configure and connect the account:
Managing existing cloud accounts
After you connect one or more cloud accounts, you can manage and review specific cloud account details.
View cloud accounts
- Go to Cloud > Cloud Accounts > Listing.
- To view details for a specific cloud account, including accounts that are part of a Cloud Organization, click the account name.
Remove cloud accounts
Users with the appropriate permissions can remove a cloud account from Cloud Security (InsightCloudSec) through the Clouds Listing page. If the account you’re removing is part of an existing CSP Organization that is recognized by Cloud Security (InsightCloudSec), the account ID will be automatically added to that organization’s skip list so the account will not be harvested in the future. Removing an account will only remove visibility of it from Cloud Security (InsightCloudSec). To permanently remove a cloud account, you’ll need to delete it from the CSP’s console or API.
To remove an account from Cloud Security (InsightCloudSec):
- Go to Cloud > Cloud Accounts and click the account you want to remove.
- On the Settings tab, click Remove Cloud Account to remove the target cloud account from the Cloud Security (InsightCloudSec) application.
Cloud Organizations
In Cloud Security (InsightCloudSec), the Organizations tab is where you manage your connected cloud service provider-based organization(s), available from Cloud > Cloud Accounts and click the Organizations tab. This section of the tool allows you to add and remove CSP-related Organizations and update configuration information for existing ones.
Cloud Organizations should not be confused with the Cloud Security (InsightCloudSec)-specific Organizations capability that allows for multi-tenant functionality available under Settings > System Administration > ICS Organizations.
Account Discovery
After completing the onboarding wizard for an organization, Cloud Security (InsightCloudSec) can automatically detect its member accounts and then you can automatically onboard them. Review the CSP-specific onboarding pages for more information:
Modifying an organization
To modify account discovery or configuration details:
- Go to Cloud > Cloud Accounts > Organizations.
- Click Action next to the organization you want to modify.
- Click Manage Organization.
- Modify the fields as necessary.
- Click Save.
Delete an organization
This will not delete the Organization within the associated Cloud Service Provider. It will just stop harvesting information for the Organization (and its child accounts) and delete it from Cloud Security (InsightCloudSec).
- Go to Cloud > Cloud Accounts > Organizations.
- Click Action next to the organization you want to delete.
- Click Delete Organization.