articles/security-center/quickstart-onboard-aws.md
Lines changed: 8 additions & 13 deletions
@@ -3,7 +3,7 @@ title: Connect your AWS account to Microsoft Defender for Cloud
3
3
description: Defend your AWS resources with Microsoft Defender for Cloud
4
4
author: memildin
5
5
ms.author: memildin
6
-
ms.date: 11/02/2021
6
+
ms.date: 11/07/2021
7
7
ms.topic: quickstart
8
8
ms.service: security-center
9
9
manager: rkarlin
@@ -49,20 +49,12 @@ This screenshot shows AWS accounts displayed in Defender for Cloud's [overview d
49
49
- To connect an AWS account to your Azure subscription, you'll obviously need access to an AWS account.
50
50
51
51
-**To enable the Defender for Kubernetes plan**, you'll need:
52
-
- At least one Amazon EKS cluster with permission to access to the EKS K8s API server.
52
+
- At least one Amazon EKS cluster with permission to access to the EKS K8s API server. If you need to create a new EKS cluster, follow the instructions in [Getting started with Amazon EKS – eksctl](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html).
53
53
- The resource capacity to create a new SQS queue, Kinesis Fire Hose delivery stream, and S3 bucket in the cluster's region.
54
-
55
-
> [!TIP]
56
-
> To create a new EKS cluster follow guidance in [Getting started with Amazon EKS – eksctl](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html)
57
54
58
55
-**To enable the Defender for servers plan**, you'll need:
59
-
- Microsoft Defender for servers enabled (see [Quickstart: Enable enhanced security features](enable-enhanced-security.md)
60
-
- An active AWS account with EC2 instances managed by AWS Systems Manager (SSM) and using SSM agent
61
-
62
-
> [!TIP]
63
-
> Some Amazon Machine Images (AMIs) have the SSM agent pre-installed, their AMIs are listed in [AMIs with SSM Agent preinstalled](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-technical-details.html#ami-preinstalled-agent).
64
-
65
-
- If your EC2 instances don't have the SSM Agent, follow the relevant instructions from Amazon:
56
+
- Microsoft Defender for servers enabled (see [Quickstart: Enable enhanced security features](enable-enhanced-security.md).
57
+
- An active AWS account with EC2 instances managed by AWS Systems Manager (SSM) and using SSM agent. Some Amazon Machine Images (AMIs) have the SSM agent pre-installed, their AMIs are listed in [AMIs with SSM Agent preinstalled](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-technical-details.html#ami-preinstalled-agent). If your EC2 instances don't have the SSM Agent, follow the relevant instructions from Amazon:
66
58
-[Install SSM Agent for a hybrid environment (Windows)](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html)
67
59
-[Install SSM Agent for a hybrid environment (Linux)](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-linux.html)
68
60
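Review bot: the Defender for servers bullet at new line 56 is missing its closing parenthesis: "(see [Quickstart: Enable enhanced security features](enable-enhanced-security.md)." should close the parenthesis before the period. In the same hunk, both the old and the new EKS bullet read "permission to access to the EKS K8s API server"; drop the second "to". The merged SSM sentence at new line 57 also joins two sentences with a comma ("have the SSM agent pre-installed, their AMIs are listed in"); a full stop or semicolon reads better. Finally, "Kinesis Fire Hose" on line 53 should use the product name "Kinesis Data Firehose".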
@@ -82,11 +74,14 @@ Follow the steps below to create your AWS cloud connector.
82
74
83
75
1. The select plans tab is where you choose which Defender for Cloud capabilities to enable for this AWS account.
84
76
85
-
> [!IMPORTANT]
77
+
> [!NOTE]
86
78
> Each capability has its own requirements for permissions and might incur charges.
87
79
88
80
:::image type="content" source="media/quickstart-onboard-aws/add-aws-account-plans-selection.png" alt-text="The select plans tab is where you choose which Defender for Cloud capabilities to enable for this AWS account.":::
89
81
82
+
> [!IMPORTANT]
83
+
> To present the current status of your recommendations, the CSPM plan queries the AWS resource APIs several times a day. These read-only API calls incur no charges, but they *are* registered in CloudTrail if you've enabled a trail for read events. As explained in [the AWS documentation](https://aws.amazon.com/cloudtrail/pricing/), there are no additional charges for keeping one trail. If you're exporting the data out of AWS (for example, to an external SIEM), this increased volume of calls might also increase ingestion costs. In such cases, We recommend filtering out the read-only calls from the Defender for Cloud user or role ARN: arn:aws:iam::[accountId]:role/CspmMonitorAws (this is the default role name, confirm the role name configured on your account).
84
+
90
85
- To extend Defender for Servers coverage to your AWS EC2, set the **Servers** plan to **On** and edit the configuration as required.
91
86
92
87
- To extend Defender for Kubernetes coverage to your AWS EKS Linux clusters, set the **Containers** plan to **On** and edit the configuration as required.
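Review bot: in the new IMPORTANT block at line 83, "In such cases, We recommend" has a stray capital W, and the role ARN arn:aws:iam::[accountId]:role/CspmMonitorAws should be wrapped in backticks so the square brackets and colons are not mangled by the markdown renderer. It would also help to say where the filtering is expected to happen (on the export or SIEM ingestion side), because the preceding sentence states the calls are still registered in CloudTrail whenever read events are enabled, so the current wording could be read as suppressing them from the trail itself.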