Manage Accounts
There are scenarios where it makes sense to centrally manage your security deployments.
Whether you just don't want to manage separate deployments across all of your AWS accounts or you want to follow an AWS Landing Zone or an AWS Control Tower best practice implementation, the necessity to scan multiple accounts may be one of your requirements.
Cross-account scanning is achieved by linking "remote accounts" (non-deployment accounts) through the console and then deploying a cross-account role within each remote account. This simple process allows the console to see all of the buckets in the linked account just as it does for the deployment account ("primary"). Once these steps are complete, management, protection, and feedback all work the same as for the primary account. Both event-based scanning and retro-scanning fully work with linked accounts, so you can scan both your go-forward data and any existing data. You can link as many accounts as desired.
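The page does not show the role template the console deploys, so the following is an added illustration rather than the product's own code: it builds the kind of trust policy a remote account grants the primary account for the cross-account role, and checks that the trust is limited to the primary account and requires an ExternalId before the account is linked. The account IDs and ExternalId value are constructed placeholders.

```python
import json

# Constructed example values: the deployment ("primary") account and one remote account.
# The product's real role template is not on this page; these policies are assumptions.
PRIMARY_ACCOUNT = "111111111111"
REMOTE_ACCOUNT = "222222222222"
EXTERNAL_ID = "example-link-token"  # placeholder; in practice a per-link secret


def trust_policy(primary_account: str, external_id: str) -> dict:
    """Trust policy for the cross-account role deployed in a remote account.

    Only the primary account may assume the role, and only with the expected ExternalId.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{primary_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def trust_policy_findings(policy: dict, primary_account: str) -> list[str]:
    """Return the problems a reviewer would flag in a role's trust policy before linking."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if isinstance(arns, str):
            arns = [arns]
        for arn in arns:
            # Any wildcard or foreign-account principal widens who can read the buckets.
            if arn == "*" or f"::{primary_account}:" not in arn:
                findings.append(f"principal not limited to primary account: {arn}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            findings.append("missing sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    good = trust_policy(PRIMARY_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(good, indent=2))
    print("findings:", trust_policy_findings(good, PRIMARY_ACCOUNT))
    # A trust policy that lets any AWS principal assume the role is flagged.
    bad = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
           "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
    print("findings:", trust_policy_findings(bad, PRIMARY_ACCOUNT))
```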
Accounts can be linked first and then activated in stages as you roll them out. Feel free to link all of your remote accounts and then activate them individually or in groups. You can always deactivate and reactivate accounts later as needed.
The same applies to linking Azure accounts, which allows you to scan Azure Blobs. Click one of the links below to learn more about linking accounts for each cloud provider.