The Amazon Web Services (AWS) connector enables you to easily synchronize and ingest data from multiple AWS services, accounts, and regions to your Nucleus project.
This connector leverages cross-account roles to:
- Maintain an up-to-date asset inventory of:
  - EC2 instances (taking into account terminated or stopped instances).
  - ECR container repositories and images.
- Ingest vulnerabilities on:
  - EC2 instances (Inspector 2 and Inspector Classic).
  - ECR container images (Inspector 2 and ECR Basic Scanning).
- Enrich scan results with additional asset information, such as Open Ports & Services, or OS versions.
- Create powerful automation rules leveraging additional metadata synchronized from EC2 and ECR.
- Upload asset and vulnerability data to S3 buckets.
Connector setup checklist
Follow the steps in this checklist to successfully set up this connector:
- Set permissions
  Set up cross-account roles to grant Nucleus access to your organization's AWS accounts and resources.
- Set up instance sync
  Synchronize the available AWS instances and resources across regions and accounts.
- Configure the connector
  Configure the AWS connector to pull data from any of the following AWS services:
- Configure data upload to S3
  Configure the AWS connector to upload all asset and finding data from your Nucleus project to S3 buckets.