Cloudanix has 4 SKU (capabilities) and they have different system requirements. The requirements are common across all the different cloud systems which we connect and secure. If there are any specific or exceptional requirements, they are highlighted.
This is an agentless onboarding. Below are different areas where our users can expect a change in their cloud accounts.
No change.
No change. We do not depends on any native AWS security service like GuardDuty, AWS Config etc. So, neither we need it nor we will enable it.
Depends! If the cloudtrail is not enabled, we will enable it. The first copy of cloudtrail is for free so users do not get any additional AWS bill for this. To enable cloudtrail, we also need to create an S3 bucket as per AWS guideline. This a new S3 bucket will also be created. In most of the customers we see that CloudTrail is already enabled and thus we will not be changing anything there.
We create assume role based on AWS recommended best practice. Here is additional reading.
https://www.cloudanix.com/docs/aws/aws-authentication
2 roles are created. One for assume role to interact with Customers’ AWS Account. Another for sending event data from Customers’ AWS accounts to Cloudanix AWS Account.