AWS Resource Inventory
Once the AWS connector is set up, it starts discovering the resources in your AWS account. The inventory and metadata of the discovered resources are pushed to the Qualys portal. For the list of resource types that are collected, refer to Resources List.
To fetch updated resources, select Run from the quick actions menu of the AWS connector.
AWS Inventory for Cloud Identity Management
The AWS Inventory now includes support for Cloud Identity Entitlement Management. This security and identity management solution helps organizations control access to cloud-based resources and applications, following the principle of least privilege.
How Does Identity Management Help Secure Your Cloud?
CIEM solves the following challenges in your cloud environment.
Complexity
In the cloud, identities extend beyond users and service accounts; machine identities also exist. As cloud infrastructures grow in complexity, managing identity entitlements ensures control over the various identities in the infrastructure and reduces management complexity.
Access Control
Maintaining the principle of least privilege is a constant challenge: cloud admins often grant excessive permissions to various personas. Managing the privileges associated with each identity goes a long way toward securing the cloud environment.
Identity Lifecycle Management
CIEM helps automate user and service identity lifecycles and keeps them up to date, including onboarding, offboarding, and role changes.
Audit and Compliance
Maintain audit trails to ensure compliance with industry regulations and internal policies.
Emerging Threats
Stay ahead of emerging security threats and vulnerabilities.
How Does TotalCloud Assist in Managing Identity Entitlement?
TotalCloud AWS Inventory has introduced additional resources to the inventory specific to CIEM. These resources can help track the permissions associated with the identities in your environment. The Policy Analyzer reviews these resources and checks them against newly introduced insights to show gaps in identity entitlements.
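To make concrete what an entitlement gap looks like in an IAM policy document, here is an added illustration of the kind of least-privilege check described above. It is example code written for this page, not the Policy Analyzer or any Qualys code, and the sample policy documents, the shortlist of sensitive IAM write actions, and the specific checks are all constructed assumptions for the example:

```python
"""Flag IAM policy statements that are broader than least privilege.

Added illustration for this page; not Qualys Policy Analyzer logic.
The policies below are constructed samples, not from any real account.
"""

# Constructed sample IAM policy documents keyed by a made-up policy name.
SAMPLE_POLICIES = {
    "AdminEverything": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "S3ReadOnlyBucket": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
        }],
    },
    "ServiceWildcardWithDeny": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
             "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}},
            {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
        ],
    },
}

# Hypothetical shortlist of IAM write actions that let a principal widen access
# and therefore warrant review; a real analyzer would use a fuller catalogue.
SENSITIVE_IAM_ACTIONS = {
    "iam:PassRole", "iam:AttachUserPolicy", "iam:CreatePolicyVersion", "iam:PutRolePolicy",
}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_entitlement_gaps(policy_doc):
    """Return human-readable findings for Allow statements broader than least privilege."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy_doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they are not gaps
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))

        if "NotAction" in stmt:
            findings.append(f"statement {idx}: uses NotAction, which allows everything not listed")
        wildcard_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        if wildcard_actions:
            findings.append(f"statement {idx}: wildcard actions {wildcard_actions}")
        if "*" in resources and not has_condition:
            findings.append(f"statement {idx}: Resource '*' with no Condition to scope it")
        sensitive = sorted(set(actions) & SENSITIVE_IAM_ACTIONS)
        if sensitive:
            findings.append(f"statement {idx}: sensitive IAM write actions {sensitive}")
    return findings


def summarize(policies):
    """Map each policy name to its findings so gaps can be reviewed per identity."""
    return {name: find_entitlement_gaps(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    for name, findings in summarize(SAMPLE_POLICIES).items():
        status = "OK" if not findings else f"{len(findings)} gap(s)"
        print(f"{name}: {status}")
        for finding in findings:
            print("  -", finding)
```

Run as-is, the script reports two gaps for the all-wildcard policy, one for the `ec2:*` policy (its `Resource: "*"` is tolerated because a Condition scopes it), and none for the bucket-scoped read-only policy. An analyzer such as the one the page describes would apply checks of this shape across every IAM User, Group, Role, and Policy in the inventory.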
Resources List
TotalCloud discovers and fetches the following resources and their corresponding attributes to display in the inventory. Only the following resource types are supported.
- RDS
- Network ACL
- S3 Bucket
- IAM User
- VPC
- Security Group
- Lambda Function
- Subnet
- Internet Gateway
- Load Balancer
- Instance
- Route Table
- EBS Volume
- Auto Scaling Group
- EKS Cluster
- EKS Node Group
- EKS Fargate Profile
- VPC Endpoint
- VPC Endpoint Service
- IAM Group
- IAM Policy
- IAM Role
- SageMaker Notebook
- CloudFront Distribution
- Route 53 Domains
- Route 53 Hosted Zone
- Redshift
- Elastic Container Registry
For IAM resources in China accounts, the Policy Analyzer is not supported. TotalCloud only creates an inventory of the policies; they are not analyzed with Insights.
You may find additional resources in the inventory beyond those listed above. These additional resources can be viewed, but they do not have a Resource Details page or dedicated tokens.
Known Issues
- The CSV download feature for the resource inventory is temporarily restricted. This limitation is planned to be addressed in the next release.
- Some Redshift resources falling under CIDs 108 to 113 in Control Evaluations do not show resource details on click. This limitation is planned to be addressed in the next release.