
Connect to AWS Cloud

AWS cloud connector

 

1. What evidence does this connector collect?

ControlMap scans your AWS environment on a daily or weekly basis against CIS best practices, such as MFA being used, backups being enabled on RDS instances, and databases being encrypted.

You can read more about the best practices on the AWS-CIS website here.

 

For the complete list of evidence collected, click on the 'Show' list of rules on the AWS integration screen in ControlMap.

 


 

How does ControlMap connect to AWS?

ControlMap creates an IAM role with READ and LIST only permissions, which it uses to connect to your environment and perform compliance checks. The role can be easily created by using a CloudFormation template (click the 'Create ControlMap role in your AWS' button on the integration screen in ControlMap).

Once the role is successfully created, provide the ARN of the role in ControlMap settings. If you created the role with the CloudFormation template, you can view the ARN of the role in the 'Outputs' tab of the CloudFormation stack.
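
One way to confirm the 'READ and LIST only' scope before providing the role ARN is to export the role's policy document and scan it for anything beyond read/list verbs. This is an added example, not ControlMap's code: the sample policy is constructed, and the Get/List/Describe prefix set is an assumption about what counts as read-only.

```python
import json

# Assumption: verb prefixes treated as read/list; adjust to your own standard.
READ_PREFIXES = ("get", "list", "describe")

# Constructed sample policy, NOT the policy ControlMap's template creates.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["iam:Get*", "iam:ListUsers", "rds:DescribeDBInstances"]},
  {"Effect": "Allow", "Resource": "*", "Action": "s3:PutBucketPolicy"},
  {"Effect": "Allow", "Resource": "*", "Action": "ec2:*"},
  {"Effect": "Deny", "Resource": "*", "Action": "iam:DeleteRole"}
 ]}
""")


def as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only(action):
    """True only if the text before any wildcard already pins a read prefix."""
    if ":" not in action:
        return False  # bare "*" or malformed entry
    verb = action.split(":", 1)[1].lower()  # IAM action names are case-insensitive
    fixed = verb.split("*", 1)[0].split("?", 1)[0]
    return fixed.startswith(READ_PREFIXES)


def non_read_only_actions(policy):
    """Return the Allow-ed actions that are not limited to read/list verbs."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append("NotAction:" + ",".join(as_list(stmt["NotAction"])))
        findings += [a for a in as_list(stmt.get("Action")) if not is_read_only(a)]
    return findings


if __name__ == "__main__":
    for action in non_read_only_actions(SAMPLE_POLICY):
        print("not read/list only:", action)
```

A read verb can still expose data contents (for example `s3:GetObject`), so review the resources each statement covers as well as the verbs.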