Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  1. Console Overview
  2. Access Management

Manage Accounts

There are scenarios where it makes sense to centrally manage your security deployments.

PreviousManage UsersNextLinking an AWS Account

Last updated 5 months ago

Whether you just don't want to manage separate deployments across all of your AWS accounts or you want to follow an or an best practice implementation, the necessity to scan multiple accounts may be one of your requirements.

Cross account scanning is achieved by linking "remote accounts" (non-deployment accounts) through the console and then deploying a cross-account role within each remote account. This is a very simple process which will allow the console to see all of the buckets for the linked account as it would for the deployment account ("primary"). All aspects of management and protection and feedback are the same after these steps have been completed. Both event-based and retro-scanning fully work with linked accounts so you can scan both your go-forward data as well as any existing data. You can link as many accounts as desired.

Accounts can be linked and then added in stages as you want to roll them out. So feel free to link all of your remote accounts and then activate them singularly or in groups. And you can always deactivate / reactivate accounts later on as needed.

The same applies for linking Azure accounts, allowing you to scan Azure Blobs. Click one of the below links to learn more about linking accounts for each cloud provider.

Linking an AWS Account

Learn more about linking additional AWS accounts and ingesting the associated storage volumes.

Linking an Azure Account

Learn more about linking Azure accounts and ingesting associated Azure Blobs.

AWS Landing Zone
AWS Control Tower
Linked Accounts