Protecting AWS resources with MDC

Step 2 - Connecting an AWS project

NOTE

Make sure that you have already deployed the resources described in "Step 1 - Deploying AWS Resources" in your AWS account before proceeding to this step.

Objectives

This exercise guides you through connecting an AWS account to Microsoft Defender for Cloud so that the resources in it are assessed and protected.

Exercise 1: Login to your AWS account

First, log in to your AWS account and note the Account ID; you will need it when you create the connector.

  1. Navigate to the AWS Management Console.
  2. Provide the Account ID, IAM username, and password.
  3. Click Sign In.
  4. Ensure that the CloudFormation stack from Step 1 is fully deployed (status CREATE_COMPLETE).

Exercise 2: Create an AWS connector for the new AWS account in Microsoft Defender for Cloud

  1. Sign in to the Azure portal.
  2. Navigate to Defender for Cloud, then go to Environment settings.
  3. Select Add environment, then choose Amazon Web Services.
  4. Enter the details of the AWS account, including the Azure location where the connector resource will be stored. Select the Single account option.
  5. Select Next: Select plans.

The Foundational CSPM plan is enabled by default.

  1. Ensure that the Defender CSPM, Servers, Containers and Databases plans are set to On.
  2. Select Configure on each of the plans, to enable all the necessary configurations.
  3. Select Next: Configure access.
  4. Click Download the CloudFormation template.
  5. With the CloudFormation template downloaded, you can create the stack in AWS.
  6. Log in to your AWS account in the AWS Management Console.
  7. Search for CloudFormation and select Create stack.
  8. Select Template is ready.
  9. Select Upload a template file, click Choose file, and pick the CloudFormation template you downloaded.
  10. Then give the stack a name.
  11. Leave everything else as default, and click Next.
  12. On the Review page, check "I acknowledge that AWS CloudFormation might create IAM resources with custom names" and click Submit (labelled Create stack in the older console) to create the stack.
  13. Wait a few minutes for the stack to reach CREATE_COMPLETE.
  14. Once the stack has been created, go back to the tab with Microsoft Defender for Cloud in the Azure portal.
  15. In Defender for Cloud, click Next: Review and generate.
  16. Select Create.
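Before uploading the template in step 9, read what it asks CloudFormation to create: the acknowledgement in step 12 exists because the stack provisions IAM roles that a principal outside your account is allowed to assume. The following is an added example, not part of this lab and not Microsoft's template or tooling: a small Python review of a JSON-format CloudFormation template (if your download is YAML, convert it to JSON first, for example with cfn-flip) that lists every IAM role and flags trust policies that admit accounts you did not expect or lack an sts:ExternalId condition, and inline policies that grant wildcard actions. The embedded template, the account ID 111122223333 and the all-zero external ID are constructed placeholders; put the account you actually expect to trust in expected_accounts and point the script at the real file.

```python
"""Review a Defender for Cloud CloudFormation template before deploying it.

Added example, not from the lab: extract every AWS::IAM::Role from a
JSON-format template and flag over-broad trust policies and wildcard grants.
"""
import json

# CONSTRUCTED sample: account 111122223333 and the all-zero external ID are
# placeholders, not values from the real template. GoodConnectorRole is scoped
# as a connector role should be; BadRole is deliberately over-permissive.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "GoodConnectorRole": {"Type": "AWS::IAM::Role", "Properties": {
        "RoleName": "CspmMonitorAws",
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Condition": {"StringEquals": {
                "sts:ExternalId": "00000000-0000-0000-0000-000000000000"}}}]},
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/SecurityAudit"]}},
    "BadRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]},
        "Policies": [{"PolicyName": "TooMuch", "PolicyDocument": {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    "LogBucket": {"Type": "AWS::S3::Bucket"},
}})


def _as_list(value):
    """IAM documents allow a scalar or a list in most positions; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def iam_roles(template):
    """Return {logical_id: properties} for every AWS::IAM::Role in the template."""
    return {name: res.get("Properties", {})
            for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::IAM::Role"}


def trust_findings(role_id, props, expected_accounts):
    """Flag Allow statements that let unexpected principals assume the role."""
    findings = []
    for stmt in _as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        for p in aws_principals:
            if isinstance(p, dict):  # Ref / Fn::Sub etc.: resolve the parameter before trusting it
                findings.append(f"{role_id}: principal is an intrinsic function, resolve it before review")
            elif p == "*":
                findings.append(f"{role_id}: trust policy allows any AWS principal (Principal.AWS = '*')")
            else:
                # arn:aws:iam::<account-id>:root -> the account ID is the fifth colon-separated field
                account = p.split(":")[4] if p.startswith("arn:aws:iam::") else p
                if account not in expected_accounts:
                    findings.append(f"{role_id}: trusts unexpected account {account}")
        conditions = stmt.get("Condition", {})
        has_external_id = any("sts:ExternalId" in v for v in conditions.values() if isinstance(v, dict))
        if aws_principals and not has_external_id:
            findings.append(f"{role_id}: cross-account trust without an sts:ExternalId condition")
    return findings


def permission_findings(role_id, props):
    """Flag inline policy statements that grant '*' or service-wide 'svc:*' actions."""
    findings = []
    for policy in _as_list(props.get("Policies")):
        name = policy.get("PolicyName", "?")
        for stmt in _as_list(policy.get("PolicyDocument", {}).get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action")):
                if action == "*" or (isinstance(action, str) and action.endswith(":*")):
                    findings.append(f"{role_id}/{name}: wildcard action '{action}' on {stmt.get('Resource')}")
    return findings


def review_template(template_text, expected_accounts):
    """Parse a JSON template and return every finding; an empty list means nothing flagged."""
    template = json.loads(template_text)
    findings = []
    for role_id, props in iam_roles(template).items():
        findings += trust_findings(role_id, props, expected_accounts)
        findings += permission_findings(role_id, props)
    return findings


if __name__ == "__main__":
    # Expected: three findings, all against BadRole; GoodConnectorRole passes.
    for finding in review_template(SAMPLE_TEMPLATE, expected_accounts={"111122223333"}):
        print("FINDING:", finding)
```

Managed policies attached by ARN (such as SecurityAudit in the sample) are not expanded here; look them up in the IAM console or with `aws iam get-policy-version` if you want to confirm they are read-only. An intrinsic-function finding means the trusted principal comes from a stack parameter, so check the parameter's default value as well before you click Submit.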

Now that you have onboarded the AWS account to Microsoft Defender for Cloud, you will begin to receive AWS recommendations and alerts.

Exercise 3: Investigate the AWS recommendations

NOTE

You will need to create some AWS resources in order to see recommendations for AWS in Microsoft Defender for Cloud.

  1. Go to Microsoft Defender for Cloud in the Azure Portal.
  2. Go to the Recommendations tab in Defender for Cloud.
  3. In the filter bar at the top, set Scope to show AWS only.


If the connected account contains AWS resources, you will see the recommendations associated with them.

Once the resources show up in Defender for Cloud, go back to the Clean Up section at the bottom of Step 1 and delete the CloudFormation stack so you don't keep paying for resources in your AWS account.