Setting up Agentless Scanning using AWS CloudFormation
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
If you’ve already set up Cloud Security Management and want to add a new AWS account or enable Agentless Scanning on an existing integrated AWS account, you can use either Terraform or AWS CloudFormation. This article provides detailed instructions for the AWS CloudFormation approach.
If you're setting up Cloud Security Management for the first time, you can follow the
quick start workflow, which also uses AWS CloudFormation to enable Agentless Scanning.
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- At the bottom of the AWS section, click Add AWS accounts by following these steps. The Add New AWS Account(s) dialog is displayed.
- Select the AWS region where you want to create the CloudFormation stack.
- Select an API key that is already configured for Remote Configuration. If the API key you select does not have Remote Configuration enabled, Remote Configuration is automatically enabled for that key upon selection.
- Send AWS Logs to Datadog and Enable Cloud Security Management are automatically selected by default. Leave the selections as is.
- In the Agentless Scanning section, toggle Host Vulnerability Scanning, Container Vulnerability Scanning, Lambda Vulnerability Scanning, and Data Security Scanning to the on position.
- Click Launch CloudFormation Template. A new window opens, displaying the AWS CloudFormation screen. Use the provided CloudFormation template to create a stack. The template includes the IAM permissions required to deploy and manage Agentless scanners.
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- Click the Edit button for the AWS account where you want to deploy the Agentless scanner.
- Verify that Enable Resource Scanning is toggled on. If it isn’t, switch the Enable Resource Scanning toggle to the on position and complete Steps 3-7 in New AWS Account.
- In the Agentless Scanning section, toggle Host Vulnerability Scanning, Container Vulnerability Scanning, Lambda Vulnerability Scanning, and Data Security Scanning to the on position.
- Click Done.
Exclude resources from scans
To exclude AWS hosts, containers, and Lambda functions from scans, apply the tag CompanyAgentlessScanner:false
to each resource. For detailed instructions on adding this tag, refer to the AWS documentation.
Disable Agentless Scanning
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- To disable Agentless Scanning for an account, click the Edit button and toggle the Agentless Scanning section to the off position.
- Click Done.
To uninstall Agentless Scanning, log in to your AWS console and delete the CloudFormation stack created for Agentless Scanning.
Further Reading
Documentation, liens et articles supplémentaires utiles: