Leverage AWS recommended Best Practice to connect
Cloudanix uses the AWS-recommended approach, Cross Account IAM Roles, to sync information from your AWS account and its resources. We do not store any sensitive information like your AWS Account Access Keys and Access Secrets inside Cloudanix. Read more here.
Connecting to your account for the first time
We use a CloudFormation template to create a Stack that creates the appropriate roles for access to your account. This creates a cross-account role with a minimal permission set.
Monitored Regions
Out of the box, all the Regions are monitored by Cloudanix. For Opt-In Regions in AWS, enable the Region in your AWS Console.
- US East (Ohio) - us-east-2
- US East (Virginia) - us-east-1
- US West (N. California) - us-west-1
- US West (Oregon) - us-west-2
- Asia Pacific (Mumbai) - ap-south-1
- Asia Pacific (Osaka) - ap-northeast-3
- Asia Pacific (Seoul) - ap-northeast-2
- Asia Pacific (Singapore) - ap-southeast-1
- Asia Pacific (Sydney) - ap-southeast-2
- Asia Pacific (Tokyo) - ap-northeast-1
- Canada (Central) - ca-central-1
- Europe (Frankfurt) - eu-central-1
- Europe (Ireland) - eu-west-1
- Europe (London) - eu-west-2
- Europe (Paris) - eu-west-3
- Europe (Stockholm) - eu-north-1
- South America (São Paulo) - sa-east-1
- Africa (Cape Town) - af-south-1
- Asia Pacific (Hong Kong) - ap-east-1
- Asia Pacific (Hyderabad) - ap-south-2
- Asia Pacific (Jakarta) - ap-southeast-3
- Asia Pacific (Melbourne) - ap-southeast-4
- Canada West (Calgary) - ca-west-1
- Europe (Milan) - eu-south-1
- Europe (Spain) - eu-south-2
- Europe (Zurich) - eu-central-2
- Israel (Tel Aviv) - il-central-1
- Middle East (Bahrain) - me-south-1
- Middle East (UAE) - me-central-1
Permissions
We are very diligent and prescriptive about the permissions we ask for. Depending upon which capabilities you pick, the corresponding permissions are requested. For example, if you choose to use only the Misconfig capability, our permissions are strictly READ-ONLY! These policies are customized to give us minimal permissions and not to share any sensitive information from your account. You can always examine the CloudFormation template before you execute it in your AWS account.
Misconfig Capability
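One way to examine a CloudFormation template before executing it, as an added example that is not Cloudanix's code or template: it walks each IAM role in a JSON template, checks the cross-account trust policy, and flags inline actions that are not read-only. The template, the role name `AuditRole`, the account ID and the function names are constructed for illustration; the `Get`/`List`/`Describe` prefix test is a heuristic, and the `sts:ExternalId` check follows AWS guidance for third-party cross-account roles.

```python
import json

# Constructed sample, not the vendor's template; the account ID is a placeholder.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"AuditRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole"}]},
  "ManagedPolicyArns": ["arn:aws:iam::aws:policy/SecurityAudit"],
  "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetBucketPolicy"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:PutBucketPolicy", "Resource": "*"}]}}]}}}}
""")

READ_VERBS = ("Get", "List", "Describe")  # heuristic; anything else gets a human look

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    # "ec2:Describe*" passes; "s3:*", "*" and intrinsic-function dicts do not.
    return isinstance(action, str) and action.split(":", 1)[-1].startswith(READ_VERBS)

def review_template(template):
    """Return (role, issue) pairs for every IAM role in a parsed JSON template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        for st in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement", [])):
            principal = st.get("Principal", {})
            aws = as_list(principal if isinstance(principal, str) else principal.get("AWS", []))
            if "*" in aws:
                findings.append((name, "trust policy allows any AWS principal"))
            keys = [k.lower() for cond in st.get("Condition", {}).values() for k in cond]
            if aws and "sts:externalid" not in keys:
                findings.append((name, "trust policy has no sts:ExternalId condition"))
        for arn in as_list(props.get("ManagedPolicyArns", [])):
            findings.append((name, f"managed policy to review: {arn}"))
        for pol in props.get("Policies", []):
            for st in as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
                actions = as_list(st.get("Action", [])) if st.get("Effect") == "Allow" else []
                findings += [(name, f"not read-only: {a}") for a in actions if not is_read_only(a)]
    return findings

if __name__ == "__main__":
    for role, issue in review_template(SAMPLE_TEMPLATE):
        print(f"{role}: {issue}")
```

Managed policies are only listed, not expanded, so their contents still need to be read in the IAM console or documentation.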
We have taken enough time and done thorough analysis to seek out the minimal permission set required to run an effective audit against your AWS account. More details here.
Events, Threats & Anomaly Detection Capability
Permissions
IAM Right Sizing Capability
Permissions
IAM JIT Capability
Permissions
Remediation Capability
Permissions