Deploy ZeusCloud locally and scan your AWS account(s)! If you run into any issues, check out our Troubleshooting guide.
Your ZeusCloud deployment will need AWS credentials to scan your account(s). Either set up an IAM role for ZeusCloud or set up an IAM user with an access key. The former uses short-term credentials, which is more secure! However, it can take a bit more time to setup.
Option 1: IAM role (more secure)
Prerequisite: An existing named profile in ~/.aws/config
. ZeusCloud will request credentials for the IAM role via this named profile.
If you have no such named profile, either
~/.aws/config
and ~/.aws/credentials
.The steps to set up the IAM role are
~/.aws/config
for this new IAM role. Here’s a template:Option 2: IAM user + access key (faster)
The steps to set up the IAM user and access key are
Create a new IAM user in the account.
Attach the SecurityAudit policy to the user.
Create an access key for the user.
Access keys are long-term credentials. Be sure to delete the user / access key once they are no longer needed!
If you are not deploying locally (on an AWS VM, for instance), you will need to change the WEBSITE_DOMAIN
and REACT_APP_API_DOMAIN
environment variables in the .env
file before deploying. Examples are http://<your-vm-ip>:80
or https://<your-deployed-domain>:443
.
If you are deploying with Option 1, ZeusCloud expects your AWS configurations in ~/.aws
. If your configurations are in a different location, update the AWS_DIRECTORY
variable in the .env
file. For Windows, change to %USERPROFILE%\.aws
.
Visit http://localhost:80.
Once ZeusCloud is deployed, you must connect it to the AWS account(s) you would like to scan. Navigate to Settings > Add new account
. Fill in the Account Name
with whatever string-identifier you would like. Fill in remaining fields based on whether you are deploying with Option 1 or 2.
Option 1: IAM role
Named Profile
for Connection Method
.Profile
dropdown, select the named profile you created earlier.Option 2: IAM user + access key
User Access Key
for Connection Method
.AWS Access Key ID
and AWS Secret Access Key
with the access key credentials you just created.Once you connect your account(s), ZeusCloud will scan them and run various security rules.
This process may take 10-15 minutes.
Settings
page should show a percentage completed.cartography
container.You should see backend
container logs like above if the scan has successfully completed.
At the end of the scan, navigate to the Alerts
tab to see findings for misconfiguration and attack path security rules.
Check out the Rules
tab for a catalog of the security rules that were run. Check your compliance posture for various frameworks in the Compliance
tab.
Deploy ZeusCloud locally and scan your AWS account(s)! If you run into any issues, check out our Troubleshooting guide.
Your ZeusCloud deployment will need AWS credentials to scan your account(s). Either set up an IAM role for ZeusCloud or set up an IAM user with an access key. The former uses short-term credentials, which is more secure! However, it can take a bit more time to setup.
Option 1: IAM role (more secure)
Prerequisite: An existing named profile in ~/.aws/config
. ZeusCloud will request credentials for the IAM role via this named profile.
If you have no such named profile, either
~/.aws/config
and ~/.aws/credentials
.The steps to set up the IAM role are
~/.aws/config
for this new IAM role. Here’s a template:Option 2: IAM user + access key (faster)
The steps to set up the IAM user and access key are
Create a new IAM user in the account.
Attach the SecurityAudit policy to the user.
Create an access key for the user.
Access keys are long-term credentials. Be sure to delete the user / access key once they are no longer needed!
If you are not deploying locally (on an AWS VM, for instance), you will need to change the WEBSITE_DOMAIN
and REACT_APP_API_DOMAIN
environment variables in the .env
file before deploying. Examples are http://<your-vm-ip>:80
or https://<your-deployed-domain>:443
.
If you are deploying with Option 1, ZeusCloud expects your AWS configurations in ~/.aws
. If your configurations are in a different location, update the AWS_DIRECTORY
variable in the .env
file. For Windows, change to %USERPROFILE%\.aws
.
Visit http://localhost:80.
Once ZeusCloud is deployed, you must connect it to the AWS account(s) you would like to scan. Navigate to Settings > Add new account
. Fill in the Account Name
with whatever string-identifier you would like. Fill in remaining fields based on whether you are deploying with Option 1 or 2.
Option 1: IAM role
Named Profile
for Connection Method
.Profile
dropdown, select the named profile you created earlier.Option 2: IAM user + access key
User Access Key
for Connection Method
.AWS Access Key ID
and AWS Secret Access Key
with the access key credentials you just created.Once you connect your account(s), ZeusCloud will scan them and run various security rules.
This process may take 10-15 minutes.
Settings
page should show a percentage completed.cartography
container.You should see backend
container logs like above if the scan has successfully completed.
At the end of the scan, navigate to the Alerts
tab to see findings for misconfiguration and attack path security rules.
Check out the Rules
tab for a catalog of the security rules that were run. Check your compliance posture for various frameworks in the Compliance
tab.