Adding new Azure/AWS cloud accounts to Cye CSPM integration

This article walks you through adding new Azure/AWS cloud accounts to an existing Cye CSPM integration.

Adding cloud accounts to be scanned

Azure

Adding an Azure account/management group is done by installing the Cye CSPM Enterprise Application in the Azure tenant and granting it the Monitoring Reader role.

When a new Cye platform company is created, a company-specific Azure installer URL (valid for 1 week) is provided. This URL will be used to install the Cye CSPM Enterprise Application for each of the Azure tenants to be added to this specific CYE Platform company.

The Cye CSPM Enterprise Application installer URL is company-specific and adds the Azure account it is installed in to the specific Cye-Platform company it was generated for.

Be careful not to re-use installer URLs across different assessments, as doing so will result in adding the Azure account to the wrong Cye-Platform company.

Install the Cye CSPM Enterprise Application

Installing the Cye CSPM Enterprise Application requires the Azure tenant Global Admin role

  1. Log in to the Azure Account to be added

  2. Navigate to the installer URL

  3. Provide consent

Connect an Azure subscription

Assign the Monitoring Reader role to the application:

  1. Choose the appropriate scope — either a subscription or a management group.

  2. Open Azure Subscriptions

    1. Select the subscription you want to connect.

  3. Open Access control (IAM)

    1. In the left menu of the selected subscription, select “Access control (IAM)”.

    2. Click “Add” ➜ “Add role assignment”.

  4. Choose the role

    1. Role: Monitoring Reader (Built-in)

    2. Click “Next”.

  5. Select the Hyver application

    1. Assign access to: User, group, or service principal.

    2. Click “Select members” and search for the application you authorized during the OAuth flow (for example, “CYE – Hyver”).

    3. Select it and click “Select”, then “Next”.

  6. Review + assign

    1. Review the settings and click “Assign”.

  7. Installation confirmation
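
A least-privilege check for the role assignment steps above, as an added example that is not part of the original article or CYE's own tooling. It reads the JSON produced by `az role assignment list --assignee <application-id> --all -o json` and reports any role other than Monitoring Reader, any scope you did not intend to connect, and any intended scope that still lacks the role. The subscription IDs, management group name and sample data are constructed placeholders.

```python
import json

REQUIRED_ROLE = "Monitoring Reader"  # the built-in role the article says to assign

# Constructed sample, shaped like `az role assignment list --assignee <id> --all -o json`.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Monitoring Reader",
     "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-demo"},
    {"roleDefinitionName": "Monitoring Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-unplanned"},
])


def audit(assignments_json, approved_scopes):
    """Return (findings, missing): over-privileged or out-of-scope assignments,
    and approved scopes where the required role has not been assigned yet."""
    # Azure resource IDs are case-insensitive, so compare in lower case.
    approved = {s.rstrip("/").lower() for s in approved_scopes}
    findings, covered = [], set()
    for a in json.loads(assignments_json):
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/").lower()
        if role != REQUIRED_ROLE:
            findings.append(("unexpected-role", role, scope))
        elif scope not in approved:
            findings.append(("unexpected-scope", role, scope))
        else:
            covered.add(scope)
    return findings, sorted(approved - covered)


if __name__ == "__main__":
    intended = ["/subscriptions/11111111-1111-1111-1111-111111111111",
                "/subscriptions/22222222-2222-2222-2222-222222222222"]
    findings, missing = audit(SAMPLE, intended)
    for kind, role, scope in findings:
        print(f"{kind}: {role} at {scope}")
    for scope in missing:
        print(f"not yet assigned: {REQUIRED_ROLE} at {scope}")
```
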

The new Azure account is added to Cye CSPM

  1. After the Cye Enterprise application is successfully installed, the account is automatically added to Cye CSPM.

  2. Within approximately 1 hr, Cye CSPM will start analyzing the account.

  3. CYE CSPM data becomes available in Cye-Platform within 48 hrs.

AWS

Adding an AWS account to Cye-CSPM is done by launching a CloudFormation stack in the relevant AWS account.

When a new Cye platform company is created, a company-specific AWS CloudFormation stack launcher URL is provided (with no expiration date). This URL will be used to launch the CloudFormation stack for each of the AWS tenants to be added to this specific CYE Platform company.

The Cye CSPM CloudFormation launcher URL is company-specific and adds the AWS account it is created in to the specific Cye-Platform company it was generated for.

Be careful not to re-use launcher URLs across different assessments, as doing so will result in adding the AWS account to the wrong Cye-Platform company.

Launch the CloudFormation Stack

Requires an AWS Admin

  1. Log in to the AWS Account/Organization to be added

  2. Navigate to the Launcher URL

  3. Check the box allowing CloudFormation to create IAM resources and click "Submit"

The new AWS account is added to Cye CSPM

  1. After the Cye Enterprise CloudFormation stack is successfully created, the account is automatically added to Cye CSPM

  2. Within approximately 1 hr, Cye CSPM will start analyzing the account

  3. CYE CSPM data becomes available in Cye-Platform within 48 hrs