CSPM uses the AWS-recommended best practice for connecting: a third-party cross-account role with an external ID and IP restriction. This is an IAM role that you create and then give CSPM the permission to assume. Even if a malicious user obtained the role information, they could not assume it from any AWS account other than CSPM's. CSPM then uses this role to make AWS API calls to your account.
How does CSPM connect to my AWS account? Print
Modified on: Wed, 12 Aug, 2020 at 9:22 AM
Did you find it helpful?Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.