Alibaba Cloud
Cyscale enables you to keep track and secure your Alibaba Cloud (Aliyun) infrastructure natively. You connect your Aliyun account(s) by creating a RAM role that Cyscale can assume to read your Aliyun resources.
Connecting Your Alibaba Cloud Account
Once you are ready to connect your Aliyun account(s) and have the required permissions, press the Create button from the top-right corner, select Add Connector, and choose Alibaba. You will be greeted with a simple multi-step process.
Step 1
In the first step, you provide a name for your Alibaba Cloud account to be used throughout Cyscale. This is a plain-text identifier that helps you better manage your resources.
Step 2
In the second step, you create the Alibaba RAM role. Cyscale provides you with the exact steps to create the role.
While the permissions you grant to Cyscale are limited to reading the configuration of your cloud resources, you might still be concerned about the security of your Alibaba Cloud account. Setting the trust relationship with the Cyscale Alibaba Cloud account means that any entity from the Cyscale Alibaba Cloud account with the privilege to assume the role from your account can read your Aliyun infrastructure.
The Cyscale Alibaba Cloud account (5015623141518445) follows all the best practices and is continuously secured by Cyscale itself.
Step 3
In the third step, the system makes sure the connection to your cloud account can be established and starts the first sync in the background. You can navigate to the cloud account overview page. The page will automatically refresh when the sync and assessment are completed.
Deep Dive on Permissions
Since Cyscale connects to your Aliyun account(s) by assuming the RAM role you create, all permissions are controlled through the policies that are attached to the role.
To benefit from everything Cyscale has and will have to offer, the following policy is required:
- ReadOnlyAccess - This system policy grants read access to all Aliyun resources. You can see the permissions it provides in the Alibaba Cloud Console.
Managing Your Connected Alibaba Cloud Account(s)
Once connected, your Aliyun account(s) will show up in the Connectors list. From there, you can either use the inline actions or navigate to the overview page of the cloud account. The available options are:
Configure
You can update the following information for your Aliyun cloud accounts:
- Name - this helps you better identify the cloud account throughout the Cyscale platform
- Role ARN - in case you want Cyscale to use another RAM role
Disable/Enable
By default, all connectors are enabled. If you want to prevent Cyscale from syncing and assessing your assets for a certain connector, you can disable it. The state of the connector in Cyscale will be locked until you enable it again. The assets will not be updated based on your actual resources and assessments will not be performed for them.
Sync
You can always trigger a new sync and assessment manually for a given connector (unless the sync is already in progress). This will make Cyscale read all your resources for that particular connector, evaluate the applicable controls, and generate any alerts if necessary.
Service Coverage
The Alibaba Cloud resources that Cyscale can handle are listed in the tables below, along with the number of controls that check their configuration:
Compute | # of Controls |
---|---|
Cluster (ACK) | 0 |
Function | 1 |
FunctionService | 0 |
VM (ECS) | 2 |
Databases | # of Controls |
---|---|
DBInstance (ApsaraDB) | 7 |
IAM (RAM) | # of Controls |
---|---|
IAMGroup | 0 |
IAMPasswordPolicy | 8 |
IAMPolicy | 1 |
IAMRole | 0 |
IAMUser | 5 |
IAMVirtualMFADevice | 0 |
Services | # of Controls |
---|---|
MNSQueue | 0 |
MNSSubscription | 0 |
MNSTopic | 0 |
Management | # of Controls |
---|---|
CloudAccount | 3 |
IAMAccountSummary | 0 |
Trail | 0 |
Networking | # of Controls |
---|---|
Domain | 1 |
SecurityGroup | 3 |
VPC | 0 |
VPCFlowLog | 0 |
VPCRouteTable | 0 |
Operations | # of Controls |
---|---|
Alert | 0 |
Security | # of Controls |
---|---|
KMSKey | 5 |
Storage | # of Controls |
---|---|
Bucket | 10 |
Disk | 2 |