Many organizations are quickly growing their cloud footprint across multiple cloud providers. Rapid growth brings about more security risks that require greater visibility across various cloud environments and teams in an organization.
VMware Aria Automation for Secure Clouds helps organizations scale cloud security with ease as the number of cloud accounts increases. Onboarding and management of cloud accounts in a security tool needs to be quick and seamless so that you can focus on managing misconfigurations and cloud governance. Instead of adding several accounts to our platform one account at a time through repeated manual actions, we want you to be able to onboard all accounts in a single action so you can easily manage your accounts in a single view.
Whether you prefer to discover and add your organization’s accounts via a client UI or APIs, we have implemented new cloud account onboarding and management capabilities to support easy onboarding of multiple AWS, Azure, and/or GCP cloud accounts at the Organization or Root Management Group levels. Within a matter of minutes of adding your accounts, all users in your organization will have visibility into your organization’s security posture, and by taking advantage of the continuous onboarding feature, you will be able to easily discover and add new cloud accounts. You can also manage accounts more efficiently in a batch rather than at the individual account level, with actions such as managing credentials, configuring the event stream, and offboarding from the platform.
For both new and existing users, it is recommended to onboard all new and existing accounts at the Organization or Management Group levels to leverage account discovery and bulk management features. This will ensure maximum visibility into the security posture and help you reduce risk across all cloud accounts in your organization. If you have previously onboarded your cloud accounts to our platform a single account at a time, for AWS or Azure, follow the instructions in the “Re-onboarding previously onboarded accounts” section below for the cloud provider of your choice to re-onboard with the bulk account method.
Re-onboarding previously onboarded accounts for AWS and Azure
For AWS Organizations
If you have previously onboarded the root account and member accounts of an AWS Organization, you can delete just the root account from VMware Aria Automation for Secure Clouds and re-onboard via the bulk onboarding method by referencing the product documentation for AWS onboarding.
For Azure Management Groups
While you can onboard a sub management group of a shared Azure AD tenant, it is highly recommended that you onboard at the Root Management Group level to be able to discover all subscriptions within this top-level Group. To onboard Subscriptions within the same management group, all Subscriptions will need the same set of credentials (Application ID and client secret) to be able to group these Subscriptions together under a single credential. For more detailed instructions, you can reference the instructions in our product documentation for Azure onboarding.
Bulk onboarding new accounts to the platform
To onboard your cloud accounts in the UI, go to Settings > Cloud Accounts and select the “Add Account” button in the VMware Aria Automation for Secure Clouds platform. Then, select your provider (AWS, Azure, GCP) and select the onboarding method as follows based on the provider:
- AWS: Organization (Member Accounts)
- Azure: Root Management Group (Multiple Subscriptions)
- GCP: Organization (Multiple Projects)
How to manage your accounts at the Organization or Management Group levels
Once you’ve onboarded all of your child accounts within an Organization or Management Group, they will appear individually in the Settings > Cloud Accounts data grid. To manage all accounts in a single view, select a specific child account from the data grid and click “Manage” in the Credentials or Application ID section.
This will lead you to a view where you can see all of your linked cloud accounts.
You can also query information and manage your cloud accounts via the Cloud Accounts Service API.
Onboarding and managing your cloud accounts at the Organization or Management Group levels will provide your teams with visibility into your cloud security posture quickly and efficiently. We highly recommend you automate cloud account onboarding with this functionality so you can focus on monitoring your public cloud environment rather than performing repeated manual tasks.