Cloud Accounts

Labels

Cloud	Account	Group	Connected	Licensed	Features	Interval	Last Scanned	Scan Now

Confirm Disable

Are you sure you want to disable this account?

Background scanning will be disabled
All existing saved scan reports will be deleted
Real-time events will no longer be collected
All suppressions and scan configurations will be lost

Type "disable" to confirm

Confirm Upgrade

Upgrade Account

Under the Developer plan, you are limited to a single enabled cloud connection. To continue scanning all your cloud connections, please update your plan.

Unit Usage Breakdown

Cloud	Type	Name	Units Consumed

Confirm Delete

Are you sure you want to delete this account?

All existing saved scan reports will be deleted
Real-time events will no longer be collected
All suppressions and scan configurations will be lost

Type "delete" to confirm

Scan Trends

Edit Connected Account

Account Name

Group

Scan Interval (Hours)

Organization Level Account When checked, this Organizational Unit will be used to scan at the Organization Level, all sub-units will automatically be added to CSPM. To make this your Organization Level Account follow the instructions linked below for each Cloud Provider:

Google Cloud Platform
Microsoft Azure

Org Project

Scan Timeframes Aqua can optionally scan your account only during the times marked in blue below (all times in UTC).

API Pagination (AWS Only) AWS accounts with a large number of resources may trigger the pagination of some API responses. Enabling pagination allows Aqua to make paginated API calls to AWS API endpoints to retrieve a complete response containing all resources.

Enable AWS API pagination

Unknown Results as New Risks When checked, "unknown" results will never be marked as "new" in scan reports or integrations.

Ignore unknown results

Labels

Update Connection

Configure Real-Time Events

CloudFormation Setup
Manual Setup

Ensure you are logged into the correct AWS account with permission to create CloudTrail trails.
Click here to launch the CloudFormation stack:
Click "Create" and wait for the stack to complete.

Ensure you are logged into the correct AWS account with permission to create CloudTrail trails.
Navigate to the CloudTrail service page.
Click "Create Trail."
Enter a trail name, such as "cloudsploit-events."
For "Apply trail to all regions," choose "Yes."
For "Read/Write events," choose "Write-only."
For "Log AWS KMS events," choose "No."
For "Log Insights events," choose "No."
Do not add any Lambda or S3 data events.
For "Storage Location," "S3 bucket," enter "cloudsploit-engine-trails".
Do not change any default settings under "Advanced."
Click "Create."

NOTE: Enabling Events may result in charges in your AWS account. Click here to learn more.

Event Rules

Event Rules are used to personalize the results delivered by Aqua Events. They are not used for traditional background scans. The settings here will be used as guidance when determining the severity result of real-time events.

Root User Usage Checking this box will lower the severity of events made by the root user. Aqua will not immediately mark an event call made by the root user as "FAIL" if this box is checked. Not recommended.

Allow root user usage (not recommended)

MFA Device Whether Aqua should analyze all API calls made by users to ensure the invoking user used an MFA device when logging in.

Allow API calls without MFA (not recommended)

Cross-Account Calls If checked, API calls made from other cloud accounts will be lowered in severity.

Allow cross-account access

Failed Logins If checked, Aqua Events will mark failed logins to the Cloud Management Console as a WARN result, even if the cloud provider successfully blocked the attempt. While useful, this may become overly noisy if users frequently forget passwords, etc.

Warn on failed login attempts to the Cloud Management Console

Unused Regions Selecting regions will alert Aqua that any activity in these regions should be more heavily scrutinized. Note that some global events, such as IAM, are listed by AWS as "us-east-1", so marking that region as "unused" may cause additional alerts.

Whitelisted IPs IP addresses listed here will not trigger "FAIL" results unless the event matches another rule or an urgent security issue. Enter each IP - one per line.

MFA Device Whether Aqua should analyze all API calls made by users to ensure the invoking user used an MFA device when logging in.

Allow API calls without MFA (not recommended)

Whitelisted IPs IP addresses listed here will not trigger "FAIL" results unless the event matches another rule or an urgent security issue. Enter each IP - one per line.

Unused Regions Selecting regions will alert Aqua that any activity in these regions should be more heavily scrutinized.

Whitelisted IPs IP addresses listed here will not trigger "FAIL" results unless the event matches another rule or an urgent security issue. Enter each IP - one per line.

On-Demand Scan

Category	Test	Region	Result	Resource	More Info

Enter MFA Token Code

The required 6-digit MFA token code.
This code can be found under the "Trust Relationship" for the IAM role in your AWS account.
Direct Link to AWS Console