Deploy ZeusCloud locally and scan your AWS account(s)! If you run into any issues, check out our Troubleshooting guide.
Prepare AWS Credentials
Your ZeusCloud deployment will need AWS credentials to scan your account(s). Either set up an IAM role for ZeusCloud or set up an IAM user with an access key. The former uses short-term credentials, which is more secure! However, it can take a bit more time to setup.
Deploy ZeusCloud Locally
1. Clone the repo.
git clone --recurse-submodules https://github.com/Zeus-Labs/ZeusCloud.git
2. Run ZeusCloud.
cd ZeusCloud make quick-deploy
If you are not deploying locally (on an AWS VM, for instance), you will need to change the
REACT_APP_API_DOMAIN environment variables in the
.env file before deploying. Examples are
If you are deploying with Option 1, ZeusCloud expects your AWS configurations in
~/.aws. If your configurations are in a different location, update the
AWS_DIRECTORY variable in the
.env file. For Windows, change to
3. Visit UI
Connect ZeusCloud to AWS
Once ZeusCloud is deployed, you must connect it to the AWS account(s) you would like to scan. Navigate to
Settings > Add new account. Fill in the
Account Name with whatever string-identifier you would like. Fill in remaining fields based on whether you are deploying with Option 1 or 2.
Wait for Scan
Once you connect your account(s), ZeusCloud will scan them and run various security rules.
This process may take 10-15 minutes.
- Monitor progress through the UI: the
Settingspage should show a percentage completed.
- Monitor the terminal as well: you should see logs from the
You should see
backend container logs like above if the scan has successfully completed.
Explore ZeusCloud Findings
At the end of the scan, navigate to the
Alerts tab to see findings for misconfiguration and attack path security rules.
Check out the
Rules tab for a catalog of the security rules that were run. Check your compliance posture for various frameworks in the