The account onboarding process is also known as the account connection process for public clouds. It is the process of establishing a connection between a CSPM account and your CSP account such as Microsoft Azure, AWS, GCP, Oracle Cloud, and so on. When the connection between the CSPM tool and the cloud account is established, CSPM can access your cloud infrastructure and scan it for vulnerabilities and other security issues.

Note

To make the concept easily understandable, the Microsoft Defender for Cloud CSPM tool is taken as a reference wherever it is imperative to explain with an example. This book does not advocate one tool over another; the tool is chosen based on the information available publicly. Only generic and high-level steps are provided here, which are not enough on their own for onboarding an account. You must follow vendor documentation and support for successful onboarding. It is beyond the scope of this book to dive deep into a particular tool.

Onboarding AWS accounts

Connecting your AWS accounts to Microsoft Defender for Cloud allows you to leverage the security capabilities of Microsoft Defender to protect your AWS resources and workloads. This integration provides centralized visibility, threat detection, and incident response across your AWS infrastructure. Microsoft Defender for Cloud protects workloads in AWS, but you need to set up the connection between them and your Azure subscription.

Every CSPM vendor provides comprehensive documentation and support for successful account onboarding as part of their contract with customers. To connect your AWS account to Microsoft Defender for Cloud, you should follow its documentation and guidance.

Follow this documentation link to connect your AWS accounts to Microsoft Defender for Cloud: https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws.

Prerequisites

Before we set up the connection, you’ll need to be ready with the following:

  • You need a Microsoft Azure subscription. If you do not have an Azure subscription, set one up.
  • You must set up your CSPM (Microsoft Defender for Cloud in this case) on your Azure subscription.
  • You must have access to an AWS account.
  • Ensure you have appropriate permissions and access to manage AWS resources. You need to have Contributor permission for the relevant Azure subscription and Administrator permission on the AWS account.

Let’s begin!

  1. Set up an AWS IAM role: The first step is to create an IAM role in your AWS account that grants necessary permissions to Microsoft Defender for Cloud. Assign appropriate permissions to the IAM role, such as read-only access to your AWS resources. Make sure to define a trust relationship between the IAM role and the Microsoft Defender for Cloud service principal.
  2. Configure the AWS account in Microsoft Defender for Cloud: Sign in to the Microsoft Defender Security Center. Navigate to Settings and select AWS accounts or Add AWS account. Provide the necessary details, such as the account name, the AWS account ID, and the ARN (Amazon Resource Name) of the IAM role you created. Click on Add account to initiate the connection process.
  3. Validate the connection: Microsoft Defender for Cloud will attempt to establish a connection with the specified AWS account using the provided IAM role. If the connection is successful, you will see the AWS account listed as connected in the Microsoft Defender Security Center.
  4. Enable data collection: Once the connection is established, you can configure data collection settings for the AWS account. Decide which types of AWS data you want to collect, such as CloudTrail logs, VPC flow logs, or CloudWatch events. Enable the necessary data connectors and configure any required permissions or settings.
  5. Monitor and respond to threats: Defender for Cloud will start collecting and analyzing the security data from your AWS resources. Monitor the alerts and security recommendations provided by Defender for Cloud and take appropriate actions to remediate any identified threats.
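As an added example (not from the book and not Microsoft's own connector code), the following Python builds the IAM role trust policy from step 1 with an external-ID condition and audits a trust policy for the two weaknesses to check first: a wildcard principal and a missing sts:ExternalId condition. The principal ARN and external ID are placeholders, not real Defender for Cloud identifiers.

```python
# Placeholder values (constructed; not real Microsoft or AWS identifiers).
CSPM_PRINCIPAL_ARN = "arn:aws:iam::111111111111:root"  # CSPM vendor account
EXTERNAL_ID = "cspm-connector-EXAMPLE-external-id"     # must be unguessable

def build_trust_policy(principal_arn: str, external_id: str) -> dict:
    """Trust policy letting only the named CSPM principal assume the role,
    and only when it presents the agreed external ID (confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def audit_trust_policy(policy: dict) -> list[str]:
    """Return findings for a trust policy; an empty list means it passes."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue  # statement does not grant role assumption
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else aws
        if "*" in aws:
            findings.append("wildcard principal can assume the role")
        cond = stmt.get("Condition", {})
        has_ext = any("sts:ExternalId" in v for v in cond.values() if isinstance(v, dict))
        if not has_ext:
            findings.append("missing sts:ExternalId condition (confused-deputy risk)")
    return findings

# Constructed example of a weak trust policy for comparison.
WEAK_POLICY = {"Version": "2012-10-17",
               "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                              "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    good = build_trust_policy(CSPM_PRINCIPAL_ARN, EXTERNAL_ID)
    print("hardened:", audit_trust_policy(good))   # []
    print("weak:", audit_trust_policy(WEAK_POLICY))
```

The same audit can be run against the trust policy returned by `aws iam get-role` before the account is added in the portal.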

If you follow the documentation steps correctly, you should be able to see that your AWS account has been onboarded into the Microsoft Defender for Cloud CSPM tool, as shown in the following screenshot:

Figure 6.1 – Microsoft Defender for Cloud

Now that we have seen how an AWS account can be onboarded to Microsoft Defender for Cloud, let us look at how to do the same for Microsoft Azure.

copyright © 2024 skygravity.org