Have you ever struggled to monitor user activity, access, permissions, and other security issues inside Amazon Web Services (AWS)? If so, you’re not alone.
We’ve had conversations with many engineers, admins, and IT managers who have expressed frustration over this issue.
While the dynamic nature of public cloud makes it powerful — admins can create new AWS users, assign permissions, enable services, and spin up resources with just a few clicks/CLI commands — it also yields unique security challenges.
Staying on top of who is doing what is crucial for organizations wanting to maintain a strong security posture and enforce compliance. Accomplishing this objective is not always straightforward in AWS.
The platform’s native monitoring tools require significant know-how to build and operate. They also don’t always provide real-time event monitoring in a user-friendly format. This is where JumpCloud’s Cloud Insights can help.
What Is Cloud Insights?
Cloud Insights is JumpCloud’s public cloud activity monitoring and compliance service. It is a tool that allows you to monitor and observe your AWS environment. We’ve made it simple to view, filter, and perform searches for AWS management events directly from your JumpCloud admin portal.
With Cloud Insights, IT admins and DevOps engineers can:
- Search AWS events with granular event detail filtering.
- Achieve security goals and satisfy IT compliance standards.
- Detect suspicious activity, for example activities from users that didn’t authenticate with JC SSO connector.
Cloud Insights delivers a user activity feed through a simple integration. The best part? It only requires the completion of a few basic steps that can be completed within minutes.
Note: You’ll need to create an integration for at least one AWS account before Cloud Insights event feed becomes visible.
How Cloud Insights Streamlines Monitoring
With Cloud Insights, you can filter events for identities based on their method of authentication into AWS: AWS SSO connector, IAM connector, or neither (e.g. IAM users with static credentials).
In this exercise we’ll navigate to the SSO filter and select the em dash (—) to only keep those events where the identity did not authenticate into AWS through any connector. Such identities / users could be in violation of many companies’ internal policies and compliance controls.
After making this filter selection, we can still see several events that aren’t traceable to users. These events include service events like cloud trail, lambda actions, and more.
We can narrow our search down further by focusing on human activity. Simply select the toggle as shown below:
Filtering and Multi-Account Support
Not only does JumpCloud’s Cloud Insights empower admins to proactively identify security vulnerabilities in AWS, but it also allows users to save specific search query settings.
That means reengaging in a complex filter combination is always just a click away. The above filter / radio button configuration can be saved as a view that can be easily referenced later.
In addition, Cloud Insights supports actionable visibility to all sizes and complexities of AWS deployments. This means you can now monitor multiple accounts within the same events feed.
Experience the Ease of Cloud Insights Today
Check out the video below to see JumpCloud’s Cloud Insights in action:
Ready to get started?