More AWS Onboarding Enhancements and Policy Updates
Growing Panoptica isn’t always about what we can add. It’s also about what we can reduce, like the permissions required to onboard your AWS accounts. We have added a number of features to make the onboarding experience more efficient and less costly, while also streamlining the policies and roles needed to scan and secure your AWS resources.
-
Root Causes: Any issues in the CloudFormation stack creation process will now generate events in your CloudFormation console, with detailed error messages.
-
Dynamic Infrastructure: If you enable Workload Scanning, Panoptica now creates assets only in the regions where you have EC2 instances to scan.
-
Policy Updates: The policies created during onboarding now include specific conditions and resource-based restrictions to improve security and compliance. See Roles, Policies, and Permissions for details:
- Snapshot and Infrastructure Management: Permissions for creating, tagging, deleting, and managing snapshots and infrastructure components are now more precise and restrictive.
- Key Management: Permissions have been refined to ensure secure handling of encryption keys, including creation, encryption, and deletion.
- AWS Lambda and S3 Services: Permissions have been updated to restrict actions based on specific tags.
Edit Configuration: In addition, we have added the ability to edit the scanning preferences of an onboarded account. Simply update the stack configuration in your CloudFormation console to enable or disable CVE Scanning, serverless scanning, or data classification. See AWS Onboarding for details.