Skip to main content

Continuously Scan AWS - Mondoo-Hosted Integration

A Mondoo-hosted AWS integration provides continuous security and compliance scanning for an AWS account without installing any agents in your AWS or incurring additional AWS cost. An AWS access key gives Mondoo integration the access it needs to continuously scan your AWS account. To learn about AWS access keys, read Managing access keys for IAM users in the AWS documentation.

info

Mondoo also offers a serverless method for assessing AWS security. It provides cron-scheduled and event-based continuous scanning of your AWS accounts or your entire AWS Organization using a Lambda function. To compare the two approaches, read Continuously Scan with an AWS Integration.

Create an AWS user and access key for Mondoo

To give Mondoo the access it needs to continuously scan your AWS account, create an AWS user and access key. You give the key and its secret to Mondoo, which securely stores them.

  1. In the AWS access portal for the account you want to integrate with Mondoo, go to Identity and Access Management (IAM).

  2. In the left menu, select Users.

    AWS IAM users

  3. Select the Create user button.

    AWS IAM users

  4. Enter the user name Mondoo and select the Next button.

  5. Select Attach policies directly.

  6. Search for ReadOnlyAccess and check the box next to the permission named simply ReadOnlyAccess. The ARN for this permission is arn:aws:iam::aws:policy/ReadOnlyAccess.

    AWS IAM users

  7. Select the Next button and then select the Create User button.

    AWS IAM users

  8. In the success confirmation message, select the View user button.

  9. Select the Security Credentials tab.

    AWS IAM users

  10. Under Access Keys, select the Create access key button.

  11. Select Third-party service, check the I understand the above recommendation and want to proceed to create an access key box, and select the Next button.

AWS IAM users

  1. Enter a description for the key and select the Create access key button.

  2. Keep the page with the key open in your browser as you continue to the next steps.

Set up a new AWS integration

note

Only team members with Editor or Owner access can perform this task.

  1. In a new browser window, access the Integrations > Add > AWS page in one of two ways:

    • New space setup: After creating a new Mondoo account or creating a new space, the initial setup guide welcomes you. Select BROWSE INTEGRATIONS and then select AWS.

      Welcome to Mondoo Page

    • INTEGRATIONS page: In the side navigation bar, under INTEGRATIONS, select Add New Integration. Near the top of the page, select AWS.

    AWS integration options

  2. Select SELECT MONDOO-HOSTED INTEGRATION.

    integration-create-image

  3. In the Choose an integration name box, type a recognizable name for this AWS asset.

  4. Access the AWS IAM tab in your browser that shows the access keys you created in the steps above. Copy the Access key value.

    AWS access portal

  5. In the Mondoo Console tab in your browser, under Enter authentication details, paste the value in the Access Key ID box.

    AWS access keys

  6. In the AWS IAM tab in your browser, copy the Secret access key value.

  7. In the Mondoo Console tab in your browser, under Enter authentication details, paste the value in the AWS secret access key box.

  8. Select the START SCANNING button.

Manage an AWS integration

You can view the status of an AWS integration, change its configuration options, and more on its integration page.

note

Only team members with Editor or Owner access can perform this task.

To access an existing integration:

  1. In the Mondoo Console, navigate to the space containing the integration.

  2. In the side navigation bar, under Integrations, select AWS.

    integration-list-image

  3. Select the integration you want to view or manage.

    integration-detail-image

View an integration's status

Mondoo shows the status at the top of the integration page, beside the integration name.

Mondoo AWS integration status and actions

Theses are the possible statuses for an AWS integration:

StatusMeaning
configuringMondoo is sending the scan configuration options to the integration and the integration is saving those options.
activeThe integration is active and healthy.
errorMondoo detected an error during installation.
missingMondoo hasn't received a check-in from the Lambda function for over an hour.
deletedCloudFormation for the integration has been deleted.

Ping an integration

At the top of the integration page, below the integration name, Mondoo shows the time of the last ping.

To ping the integration now, select the ping icon (a heartbeat to the left of the SCAN NOW button).

Request a fresh scan

note

Only team members with Editor or Owner access can perform this task.

To see fresh scan results, select the SCAN NOW button. Mondoo retrieves new scan results as soon as possible.

Enable and disable policies for an AWS integration

The RECOMMENDED POLICIES tab on the integration page lists policies that can help you protect your AWS environment. It shows which policies are enabled and disabled.

Policies for a Mondoo AWS integration

Use the toggle on the right side of each policy's row to enable or disable the policy.

note

Only team members with Editor or Owner access can perform this task.

To learn more about policies, read Policy as Code.

Remove an integration

note

Only team members with Editor or Owner access can perform this task.

To remove an integration, select the Remove (trash can) icon at the top of the integration page.

Remove an AWS Mondoo integration

A notification displays with a link to the CloudFormation Stacks list in the AWS console. Select the link and, in the AWS console, delete the stack. This removes the configured integration from Mondoo Platform and deletes the rule allowing the Mondoo AWS account to send events to the target account.

Learn more