Manage Accounts
There are scenarios where it makes sense to centrally manage your security deployments.
Last updated
There are scenarios where it makes sense to centrally manage your security deployments.
Last updated
Whether you just don't want to manage separate deployments across all of your AWS accounts or you want to follow an or an best practice implementation, the necessity to scan multiple accounts may be one of your requirements.
Cross account scanning is achieved by linking "remote accounts" (non-deployment accounts) through the console and then deploying a cross-account role within each remote account. This is a very simple process which will allow the console to see all of the buckets for the linked account as it would for the deployment account ("primary"). All aspects of management and protection and feedback are the same after these steps have been completed. Both event-based and retro-scanning fully work with linked accounts so you can scan both your go-forward data as well as any existing data. You can link as many accounts as desired.
Accounts can be linked and then added in stages as you want to roll them out. So feel free to link all of your remote accounts and then activate them singularly or in groups. And you can always deactivate / reactivate accounts later on as needed.
The same applies for linking Azure accounts, allowing you to scan Azure Blobs. Click one of the below links to learn more about linking accounts for each cloud provider.
Linking an AWS Account
Learn more about linking additional AWS accounts and ingesting the associated storage volumes.
Linking an Azure Account
Learn more about linking Azure accounts and ingesting associated Azure Blobs.
