Within AWS, users must be, at a minimum, AWS IAM group members with the AWS Policy of AmazonEC2ReadOnlyAccess.
Prerequisites before Configure Azure Cloud Scanner.
1. Follow this link to create the App Registration in the Azure Portal.
2. Copy the secret Key (Not secret ID) somewhere safe. You will need it for the below steps & It won't show up again when you leave the AZ Portal.
3. Browse to the Overview blade of your newly created App Registration.
4. Copy the Application (client) ID & Directory (tenant) ID to a Notepad.
5. Follow below “Configuring CLoud Discovery” instructions to enter the creds.
Configuring Cloud Discovery
- Browse to Settings > Zones.
- Select the zone and collector you want to perform Cloud discovery.
Click the Cloud tab.
Cloud discovery is initially disabled.
Click Edit and the Enable Cloud Discovery checkbox.
The configuration is saved.
- You can copy & paste your credentialsor Upload your cloud credentials as a plain text file, ordered as you would have them read by Lumeta (i.e., top will be read first). You may download a sample file to see the formatting. Note: Copy & Paste only work for versions 188.8.131.52 or higher.
- Cloud Alias -aws
- Cloud Version -aws
- Access Key - AKIAI7BP7YKJPIFKAM4A
- Regions - us-east-1
- Service Name -aws
- Subscription -
- Resource Group -
- Client ID
- Tenant ID
- Save your results and exit. Cloud Discovery starts immediately.
To use the cloud collector configuration, within AWS, make sure you are in an a user AWS IAM group with a minimal AWS Policy of AmazonEC2ReadOnlyAccess.