Enable the CIEM detection service for AWS

This page describes how to set up the Security Command Center Cloud Infrastructure Entitlement Management (CIEM) detection service to detect identity issues in your deployments on other cloud platforms, like Amazon Web Services (AWS).

The CIEM detection service generates findings that alert you to potential identity and access security issues in your AWS environment, such as highly privileged AWS IAM and AWS IAM Identity Center identities (accounts).

Before you begin

Before you enable the CIEM detection service, complete the following tasks:

Set up permissions

To get the permissions that you need to enable CIEM, ask your administrator to grant you the following IAM roles on your Google Cloud organization:

  • Chronicle API Admin (roles/chronicle.admin)
  • Chronicle SOAR Admin (roles/chronicle.soarAdmin)
  • Chronicle Service Admin (roles/chroniclesm.admin)
  • Cloud Asset Owner (roles/cloudasset.owner)
  • Create Service Accounts (roles/iam.serviceAccountCreator)
  • Folder IAM Admin (roles/resourcemanager.folderIamAdmin)
  • IAM Recommender Admin (roles/recommender.iamAdmin)
  • Organization Administrator (roles/resourcemanager.organizationAdmin)
  • Organization Role Administrator (roles/iam.roleAdmin)
  • Project Creator (roles/resourcemanager.projectCreator)
  • Project IAM Admin (roles/resourcemanager.projectIamAdmin)
  • Security Admin (roles/iam.securityAdmin)
  • Security Center Admin (roles/securitycenter.admin)

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Configure supporting components for CIEM

To enable the CIEM detection service to produce findings for other cloud providers, you must configure certain supporting components in Security Command Center.

Complete the following tasks to enable the CIEM detection service for AWS:

Use CIEM with Google Cloud

Most of the Security Command Center CIEM capabilities work by default for your Google Cloud environment and don't require any additional configuration. As part of Security Command Center's CIEM capabilities, findings are produced automatically for Google Cloud as long as you have an active Security Command Center Enterprise subscription.

What's next