Forum Discussion
David Caddick
May 11, 2020, Iron Contributor
MCAS connecting to AWS
We have a customer that has close to 200 separate “subscriptions” in AWS that needs connecting.
Our understanding is that this needs to be connected for *each* individual sub?
Given the number of detailed steps, is it possible to accomplish this via API/PowerShell to make things easier? https://docs.microsoft.com/en-us/cloud-app-security/connect-aws-to-microsoft-cloud-app-security
As you might imagine this is a significant piece of effort - can it be automated to a certain degree?
As we don't have much visibility of the security tools on the AWS side, do you have any feedback on what the realistic expectations are for improvements/features that a customer might find compelling to move in this direction?
Regards,
Dave C
- Yoann_David_Mallet
Microsoft
David Caddick, thanks for your message!
As of now, there is no way to script, or connect AWS accounts in bulk.
We are currently working on such a capability, but not through scripting.
Can you confirm that you are currently planning to use AWS IAM for those connections?
Finally more info on the benefits you'll get by connecting AWS is available here: https://docs.microsoft.com/en-us/cloud-app-security/protect-aws
Let us know if you have additional questions.
- David Caddick, Iron Contributor
Hi Yoann_David_Mallet, understood on the lack of scripting - are there any other suggestions right now as to how to improve this process or is it just going to be a hard slog?
We were hoping to get *some* idea of what the benefits might really be, so as to understand whether it's actually worth the effort, rather than just being pointed at the documentation. Are there any examples from other customers?
Happy to communicate directly or via Yammer if preferred?
- Yoann_David_Mallet
Microsoft
Thanks David.
Feel free to reach out in private if you would like to share some of the more personal use cases that your customer has.
In general, your first benefit will be to apply Threat Detection policies to your AWS accounts. Some are generic, like Impossible Travel, some are more tailored for Cloud Platforms, such as Mass VM Deletion.
Then you can also configure activity policies (there are a number of built-in AWS templates that I invite you to review) to detect activities that are suspicious for your environment. You can also configure file policies to detect publicly shared items.
Let me know if you need more info.