1. Introduction
What is AWS?
Amazon Web Services (AWS) is a leading cloud platform that provides organizations with scalable computing, storage, and networking services. Companies rely on AWS to host applications, manage data, and run critical business operations in the cloud. Because AWS environments are highly dynamic and may involve multiple accounts, they require continuous monitoring to ensure that configurations remain secure and compliant.
What is the AWS–Cye Platform Integration?
Cye Platform’s AWS integration enables continuous, automated assessments of your AWS environment. Once activated, Cye Platform:
Scans daily with minimal performance impact.
Identifies vulnerabilities and misconfigurations, and presents them clearly in the Findings page.
Automatically updates statuses when issues are fixed in AWS.
You can choose to assess one or multiple accounts, configure multiple assessments, and track their progress directly from the Engagement page in Cye Platform. To stay informed, you can also enable automatic notifications for new findings.
Note: SIEM integration is not supported for AWS.
2. Prerequisites
In this section, we’ll look at what you need to have ready before starting the AWS integration. These are the items you’ll need to prepare manually to ensure the setup runs smoothly.
Before setting up the AWS integration, make sure the following requirements are in place:
Integration per account: Each AWS account you want Cye Platform to assess must have its own defined integration in Cye Platform.
Engagement setup: When creating a new AWS engagement in Cye Platform, select from your existing AWS integrations.
User permissions: You’ll need an AWS user with sufficient permissions for:
AWS CloudFormation
AWS Identity and Access Management (IAM)
The integration process includes two main steps:
Verification – During this step, you’ll be asked to provide your AWS Account ID.
Role creation – Here, you’ll copy a value from Cye Platform and paste it into the AWS console to complete the trust relationship.
Required IP Addresses
For the integration to work smoothly, you may need to allow traffic from Cye Platform’s servers in your firewall or network configuration. This ensures that Cye Platform can securely connect to your environment and perform scans without being blocked.
Depending on your region and the type of scan, add the following IP addresses:
General IPs:
Europe → 18.198.79.197
America → 52.1.10.176, 35.171.70.87
IPs for Azure and AWS Scans:
Europe → 18.158.77.90
America → 34.206.252.13
In most cases, you only need to add the IPs relevant to your region and use case.
Group Management and Integrations
This section explains how Cye Platform’s Group Management works in general, and how integrations behave when used in a Group Management setup.
What is Group Management in Cye Platform?
Cye Platform’s Group Management is designed for large enterprises with multiple subsidiaries. It gives you:
A centralized view of cybersecurity risk across the entire organization
Key metrics like exposure, cost of breach, and maturity scores
The ability to switch between subsidiaries and view their individual data
Parent admins and power users can view aggregated and subsidiary-level risk, while detailed findings remain visible only to members of the specific subsidiary
Data that updates in real time
To enable Group Management, contact your CYE Technical Account Manager.
How Integrations Work in Group Management
Here’s the important part:
Integrations are created only at the subsidiary level
Findings from an integration appear only in that subsidiary’s dashboards and reports
Parent companies cannot create integrations — they can only view the aggregated results
Best Practices for Combining Integrations with Group Management
To get the most out of Group Management with integrations, we recommend:
Each subsidiary should create its own integration, using credentials that only grant access to data relevant to that subsidiary
In some cases, it’s useful to also have a dedicated “General” company, which holds findings that apply to the entire enterprise and cannot be tied to a single subsidiary
The parent company then combines these insights and metrics from all subsidiaries and the General company — but remember, integrations cannot be connected directly to the parent company.
3. Configuring on the AWS Side
In this section, we’ll cover the configuration steps required inside AWS to complete the integration. You’ll learn:
How to perform the verification step, including which details to retrieve from your AWS console.
How to create a dedicated IAM role for Cye Platform using AWS CloudFormation, so that Cye Platform can securely assess your environment.
Setting up the AWS integration involves steps in both Cye Platform and AWS, and needs to be done for each AWS account you want to connect.
Important: Creating the integration alone does not generate findings. To start receiving results from AWS, you’ll also need to create an AWS engagement (we’ll cover that later in this guide). For now, let’s focus on the first stage: verification.
Verification
On the Cye Platform side, you’ll enter your AWS account details:
In Cye Platform, go to Settings > Integrations.
Select the AWS tile and click Add integration.
Fill in the required verification fields:
Name – A free-text name to identify the integration. (Note: special characters such as !, $, etc. are not allowed. If you use them, you’ll get an error and need to re-enter the name.)
Account ID – The unique identifier of the AWS account you want Cye Platform to assess.
To find it, log in to your AWS portal, go to the Access Portal, open Accounts, and locate the account you want to connect.
Copy the number that appears in that row (the account ID) and paste it into the field in Cye Platform.
Click Validate. If the account is valid, Cye Platform will display: Verified successfully.
Once verification is complete, you’re ready to move on to the second stage: creating the role in AWS.
Create the AWS Role (CloudFormation Setup)
You’re now on Stage 2: Role creation. In Cye Platform you’ll see this broken into five sub-steps—follow them, and use the simplified flow below as your guide.
Open AWS CloudFormation: Click the link shown in Cye Platform sub-step 1 to open the console: AWS CloudFormation.
Create a new stack: Choose Create stack (with new resources – standard).
Provide the template URL: In Specify template, select Amazon S3 URL and paste the URL shown in Cye Platform (sub-step 3). Click Next.
Accept defaults and submit: Keep the default settings unless your org requires tags/permissions. Acknowledge the IAM capabilities if prompted, then click Submit (or Create stack).
Copy the Role ARN from Outputs: When the stack finishes, open the Outputs tab, copy the Role ARN, and paste it into the Role ARN field in Cye Platform.
(There’s an example link in Cye Platform sub-step 5 if you want to see the expected format.)
Save in Cye Platform: Click Save. A Connected status indicates the integration is successful.
Note: The CloudFormation template creates an IAM role and attaches a policy for cross-account, read-only access (named CYE_Read_Only_Role).
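To confirm what the stack actually granted, the following added example (not Cye's or AWS's own code) audits the role's trust policy and permissions policy, taken from the JSON that `aws iam get-role` and `aws iam get-policy-version` return. The account ID 111122223333 and both sample documents are constructed placeholders, and the read-only prefix list is an assumption of this example.

```python
# Prefixes treated as read-only: an assumption of this example, not an AWS list.
READ_PREFIXES = ("Get", "List", "Describe", "View", "Lookup", "BatchGet")

def _as_list(value):  # IAM accepts a string or a list in most policy fields
    return value if isinstance(value, list) else ([] if value is None else [value])

def _account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN, else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) >= 6 else None

def audit_trust(trust_policy, expected_account):
    """Flag Allow statements that trust anything other than expected_account."""
    problems = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            problems.append(f"trust: principal is {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or _account_of(value) != expected_account:
                    problems.append(f"trust: unexpected {kind} principal {value}")
    return problems

def audit_permissions(policy):
    """Flag Allow statements that grant more than read-style actions."""
    problems = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            problems.append("perm: Allow with NotAction")
        for action in _as_list(stmt.get("Action")):
            name = action.partition(":")[2]  # "" for a bare "*"
            if not name.startswith(READ_PREFIXES):
                problems.append(f"perm: not read-only: {action}")
    return problems

# Constructed samples; 111122223333 is a placeholder, not the vendor's account.
SAMPLE_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
SAMPLE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                 "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "iam:PassRole"]}]}
```

Read-style actions can still expose sensitive data, so review what passes the check as well as what it flags.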
4. Configuring in Cye Platform
In this section, we’ll complete the Cye Platform-side actions so the integration actually runs. You’ll set up and activate an AWS Engagement, link it to your AWS integration, define the schedule and scope, and assign access.
Creating an AWS Engagement
Now that the integration setup is complete, the next step is to create and activate an AWS Engagement. Without an engagement, the integration will not run or generate findings.
What is an Engagement?
An engagement in Cye Platform defines the project scope for an assessment. It includes:
The type of assessment (in this case, AWS).
Start and end dates.
The reassessment frequency.
The integration it relies on.
Important: An engagement must be linked to a defined AWS integration in Cye Platform, and it must be activated to begin scanning.
Steps to Create an AWS Engagement
In Cye Platform, click Engagements from the left navigation bar.
Click + New Engagement.
Fill in the required fields:
Engagement name
Engagement type – select AWS
Schedule time – automatically set to Continuous
Start date and End date
Short description (optional)
Customer restrictions (optional)
Click Next.
Assessment Scope:
Select the relevant AWS integration from the dropdown:
If no integration is available, click New/Modify Definition to create one.
Click Create.
Select members and groups who should have access to the engagement. Click Done.
You can now click View My New Engagement to see the full details. Once activated, Cye Platform will begin continuous daily assessments of your AWS environment.
Status and Activation
Once your AWS engagement is active, Cye Platform automatically takes over the assessment process.
What happens after activation?
Cye Platform will:
Continuously assess your AWS environment.
Identify misconfigurations and security issues in real time.
Update the Findings view with newly discovered issues and associated assets.
Key Highlights
Vulnerability Findings Identification – Cye Platform automatically detects, monitors, and updates findings related to vulnerabilities in your AWS environment.
Automatic Remediation Verification – When you fix a finding in AWS, Cye Platform verifies the change and updates the status—no manual action required.
5. Viewing Results
Viewing AWS Assessments
After your AWS engagement is created and the assessment begins running, you can easily view the results in Cye Platform.
How to view assessment details
In Cye Platform, click Engagements from the left navigation bar.
Select the relevant engagement card from the Engagement Board.
Open the Assessments tab to see:
An overview of the assessment.
The latest status (displayed as a single row).
Note: If an assessment fails, a red error message will appear. Once the issue is fixed, Cye Platform will automatically retry the assessment.
6. Types of Fetched Entities
AWS Findings in Cye Platform
Cye Platform continuously keeps findings in sync with the state of your AWS environment.
Automatic Finding Creation
With each daily assessment, Cye Platform automatically adds newly detected issues as findings with the status Open.
Automatic Finding Verification
When you resolve an issue in AWS, Cye Platform verifies the fix during the next assessment.
If the fix is confirmed, the finding’s status is automatically updated to Fixed.
Behavior Logic
If you manually set a finding to Fixed, but the issue still exists in AWS, Cye Platform will automatically update the status to Reopen.
If you manually set a finding to On Hold, Acceptable Risk, or another custom status, Cye Platform will not override your choice — even if the issue remains in place.
7. Deleting the Integration
You can delete an AWS integration only if it is not linked to any active engagement (or if the engagement’s end date has already passed).
Important: Deletion must be completed on both sides — in Cye Platform and in your AWS account.
Delete the Integration in Cye Platform
In Cye Platform, go to Settings > Integrations.
Select the AWS tile.
Click Delete.
Delete the Integration in AWS
Open the AWS CloudFormation console.
Locate the stack that was created for the Cye Platform integration.
Click Delete to remove the stack.
Once the CloudFormation stack is deleted, Cye Platform will no longer have any permissions to access your AWS environment.
Wrap-up
In this article, we explored how to connect AWS with Cye Platform to enable daily, automated assessments of your cloud environment. We reviewed the integration steps, setting up and activating engagements, viewing assessments, managing findings, and safely deleting the integration when needed. Together, these steps ensure seamless monitoring, accurate findings, and smooth lifecycle management of AWS integrations in Cye Platform.









