McAfee Enterprise MVISION Cloud

Integrate AWS

When integrating MVISION Cloud with AWS, you enter your AWS account information on the Account Settings page, either manually or by uploading a CSV file that lists all of your AWS accounts.

Before you begin, make sure you have created an Identity and Access Management (IAM) role in your AWS account to grant access to MVISION Cloud. Assign the permission template "ReadOnlyAccess" to this role. MVISION Cloud's Account ID and External ID are specific to you and are shown on the MVISION Cloud dashboard while you enable the AWS integration.

Step 1: Create IAM Roles

To create an IAM Role in AWS with the required permissions:

  1. Log in to your AWS account and select IAM from the services menu.
  2. Go to Users > Roles > Create role.
  3. Select Another AWS account, and copy the AWS account ID and external ID from the MVISION Cloud dashboard into AWS.
  4. Select the ReadOnlyAccess permission.
  5. Enter the preferred Role name. For example, skyhigh_for_aws_role. For more information, see Configure MVISION Cloud IAM Roles for AWS.
  6. Click the role name in AWS and copy the Role ARN.
  7. Paste the Role ARN into MVISION Cloud (refer to the instructions in Step 2: Integrate AWS).

Step 2: Integrate AWS

To integrate AWS:

  1. Log in to MVISION Cloud and go to Settings > Service Management.
  2. Click Add Service Instance and select Amazon Web Services (AWS).
  3. Add an Instance Name and click Done.
  4. You are redirected to the Account Settings page. Select the features you want to enable for your AWS account:
    • DLP. Select this option to automatically enable the Near Real Time and On Demand Scan options.
      • Select Near Real Time to enable the NRT DLP scan. For details, see Near Real Time DLP and Malware Scan.
      • Select On Demand Scan to provide Data Loss Prevention (DLP) protection for files stored in Amazon S3 buckets.
    • Activity Monitoring. Select this option to monitor the activity of AWS users and detect risky activity trends for the entire organization over time. If you do not select this option, you do not need to provide AWS Bucket names to MVISION Cloud.
    • Security Configuration Audit. Select this option to automatically enable the configuration audit and real-time configuration audit policies.
  5. Click Next. Review the mandatory prerequisites, select the checkbox, and click Next.
  6. Under Add Accounts, choose one of the following methods to provide AWS account information to MVISION Cloud:
    • Enter my account info manually. Choose this option, then type each AWS account's Role ARN, Preferred Name, and AWS Bucket Name (if you have enabled Activity Monitoring). To add details for multiple AWS accounts, click Add.
    • Upload a CSV with account info. Choose this option only if you have a CSV file in the following format, one AWS account per line. To upload the file, click Upload CSV.
      role-arn, preferred-name, aws-bucket-name
      role-arn, preferred-name, aws-bucket-name

NOTE: If you have not enabled Activity Monitoring in the Account Settings page, you do not need to provide the Bucket Names.

  7. To authenticate the information for your AWS accounts, click Authenticate Accounts.
  8. If authentication fails, you are redirected to an error screen. You can go back and fix the errors, or, if you do not want to fix them, click Continue With Error.

NOTE: Some features might not work as expected if you click Continue With Error.

  9. On successful authentication, the message Authentication Complete is displayed. Click Done.
  10. Complete the remaining steps and go to Policies & Notifications.
  11. Select the pre-populated email ID(s) to be notified of any Configuration Audit Policy violation incidents. Alternatively, you can manually enter an email address in the description box. For details, see Configure Account Administrator Email Notification.
  12. Click Next.
  13. On the Summary page, verify your settings and click Save to complete the integration.
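Two pieces of the procedure above are easy to get wrong: the trust relationship on the IAM role created in Step 1 (the external ID is what prevents a confused-deputy assumption of the role by anyone who only knows its ARN) and the CSV upload format from Step 2, whose aws-bucket-name column is mandatory only when Activity Monitoring is enabled. The following added example, not McAfee's code, builds the trust policy that the "Another AWS account" option generates and validates an upload CSV before it is submitted; the account IDs and bucket names in the sample are constructed.

```python
import csv
import io
import re

# Trust policy for the role MVISION Cloud assumes. The Account ID and External ID
# come from the MVISION Cloud dashboard; the sts:ExternalId condition is what stops
# anyone who merely learns the role ARN from getting MVISION Cloud to assume it.
def build_trust_policy(mvision_account_id: str, external_id: str) -> dict:
    if not re.fullmatch(r"\d{12}", mvision_account_id):
        raise ValueError("AWS account IDs are 12 digits")
    if not external_id:
        raise ValueError("External ID must not be empty")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{mvision_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

ROLE_ARN = re.compile(r"arn:aws:iam::\d{12}:role/[\w+=,.@/-]+")

# Check an upload CSV (role-arn, preferred-name, aws-bucket-name) before it goes
# to the Account Settings page. Bucket names are mandatory only when Activity
# Monitoring is enabled, as the page notes. Returns (rows, errors).
def validate_accounts_csv(text: str, activity_monitoring: bool):
    rows, errors = [], []
    for n, rec in enumerate(csv.reader(io.StringIO(text), skipinitialspace=True), 1):
        if not rec:
            continue
        rec = rec + [""] * (3 - len(rec))  # pad short lines so unpacking works
        arn, name, bucket = (f.strip() for f in rec[:3])
        if not ROLE_ARN.fullmatch(arn):
            errors.append(f"line {n}: bad role ARN {arn!r}")
        if not name:
            errors.append(f"line {n}: preferred-name is empty")
        if activity_monitoring and not bucket:
            errors.append(f"line {n}: aws-bucket-name required with Activity Monitoring")
        rows.append({"role_arn": arn, "preferred_name": name, "bucket": bucket})
    return rows, errors

# Constructed sample upload: a complete row, a row missing its bucket, a bad row.
SAMPLE_CSV = """\
arn:aws:iam::111122223333:role/skyhigh_for_aws_role, prod-account, prod-audit-logs
arn:aws:iam::444455556666:role/skyhigh_for_aws_role, dev-account,
not-an-arn, ,
"""
```

Run the validator against the CSV with Activity Monitoring on and off: the second row only becomes an error when bucket names are required, so a failed upload can be traced to a specific line before clicking Authenticate Accounts.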