Aqua supports CSPM in Amazon Web Services (AWS) accounts to help ensure the security and compliance of AWS resources.



Getting Started

Connecting Aqua to your AWS account is simple and straightforward, and takes about 5 minutes. CSPM connects to your account through a third-party cross-account IAM role with an external ID for added security. Refer to the AWS setup guide for complete installation steps.


The Scanning Process

Once connected, CSPM will query various read-only APIs in your account to obtain information about the configuration of your infrastructure services. This information will be processed and analyzed by Aqua's security control plugins to produce a security report.


Example Findings

CSPM has hundreds of plugins, representing a variety of cloud security controls. Some example findings include:

  • Misconfigured S3 buckets exposed publicly
  • EC2 security groups configured to allow inbound access to sensitive services from the internet
  • RDS databases, EBS volumes, and other services that are not encrypted
  • IAM role policies that allow extensive service or wildcard access to the account


Next Steps

To begin auditing your AWS accounts, simply register for an Aqua account and follow the connection process above.