MCAS connecting to AWS

Iron Contributor

We have a customer that has close to 200 separate “subscriptions” in AWS that needs connecting.

Our understanding is that this needs to be connected for *each* individual sub?


Given the amount of detailed steps – is it possible to accomplish this via API/Powershell to make things easier? As you might imagine this is a significant piece of effort - can it be automated to a certain degree? 


As we don’t have much visibility of the Security tools in the AWS side – do you have any feedback on what are the realistic expectations of improvements/features that a customer might find compelling to move in this direction?

Dave C

3 Replies

@David Caddick Thanks for your message!

As of now, there is no way to script, or connect AWS accounts in bulk.

we are currently working on such a capability, but not through scripting though.

can you confirm that you are currently planning to use AWS IAM for those connections?


Finally more info on the benefits you'll get by connecting AWS is available here:


let us know if you have additional questions.


Hi @Yoann_David_Mallet, understood on the lack of scripting - are there any other suggestions right now as to how to improve this process or is it just going to be a hard slog?


We were hoping to get *some* idea of what the benefits might really be - so as to understand whether it's actually worth the effort - rather than just being pointed at the documentation, are there any examples from other customers?


Happy to communicate directly or via Yammer if preferred? 

Thanks David.
Feel free to reach out in private if you would like to share some of the more personal use cases that your customer has.
In general, your first benefit will be to apply Threat Detection policies to your AWS accounts. Some are generic, like Impossible Travel, some are more tailored for Cloud Platforms, such as Mass VM Deletion.
Then you can also configure activity policies (there are number of built-in AWS templates that I invite you to review) to detect activities that are suspicious for your environment. You can also configure file policies to detect publicly shared items.

let me know if you need more info.