Add cloud services to Security Center before using the cloud service configuration check feature. Cloud Security Posture Management (CSPM) supports checking Alibaba Cloud services, third-party cloud services, and Kubernetes clusters. It identifies potential risks and security vulnerabilities, offering remediation suggestions to enhance the security and stability of your cloud services.
Prerequisites
You have authorized CSPM. To use all check items for cloud service configuration check, enable CSPM with pay-as-you-go or purchase sufficient CSPM scan quotas.
View supported cloud services
Security Center currently supports adding assets from Alibaba Cloud and third-party cloud platforms for CSPM. You can view the supported cloud services and cloud platforms in the Security Center console.
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
On the CSPM page, click the Cloud Service Configuration Risk tab.
Above the check item list, select Cloud Service, and click Alibaba Cloud or a third-party cloud platform (such as Tencent Cloud or AWS) to view the supported cloud services.

Add Alibaba Cloud services
Security Center automatically synchronizes Alibaba Cloud services linked to your account. No manual action is required.
Add third-party cloud services
You can add assets on Tencent Cloud, AWS, Azure, and Huawei Cloud to Security Center for CSPM configuration check.
When you create a RAM account to add third-party cloud services, you need to select Manual Configuration and choose CSPM under Permission Description.

Add self-managed Kubernetes clusters and install components
1. Add self-managed Kubernetes clusters
First, learn about the prerequisites such as region restrictions and parameter configuration for adding self-managed Kubernetes clusters to Security Center.
The steps to add clusters for configuration check are as follows:
On the page, click Policy Management in the upper-right corner. Then, on the Policy Management panel, click the Configure Container Cluster tab, and click Self-built cluster access.

If you are using the Ultimate edition of Security Center, you can also click the Self-built cluster access button on the page.
Clusters added from this entry point will be synchronized to the cluster list on the Configure Container Cluster tab.

After you complete the Kubernetes access configuration in the Access Self-built K8s cluster panel, click Generate Command. Then, log on to the server where the cluster is located, create a text-001.yaml file, copy the generated command to the file and save it, and run the kubectl apply -f text-001.yaml command to complete the process of adding the cluster.

2. Install components
The cluster added in the previous step will appear in the list on the Configure Container Cluster tab, with Component Status showing Not Installed. You need to install components to perform Kubernetes Security Posture Management (KSPM) checks.
Find the newly added cluster on the Configure Container Cluster tab, and click Component Access.

In the Scan Component Access panel, copy the generated command. Then, log on to the server where the cluster is located, paste the generated command into a deploy.yaml file, and save it. Finally, run the kubectl apply -f deploy.yaml command to finish adding the component.

If you have enabled the webhook feature, stay on the server where the cluster is located, copy the generated command to a webhook.yaml file and save it, then run the kubectl apply -f webhook.yaml command to enable automatic checks on cluster configuration updates.
Important
The webhook feature currently supports only incremental checking of pods. Incorrect configuration or exceptions may impact the creation of cluster resources.

Once the component is added, the Component Status will display Online, indicating that the component has been successfully installed.
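The Important note above concerns webhooks that can affect resource creation; in Kubernetes that is an admission webhook that fails closed. The shell functions below are an added example, not part of this documentation or of the manifest Security Center generates: they list the object kinds in a saved manifest and report webhooks whose failurePolicy is not Ignore. The sample manifest and every name in it are constructed, and the parser assumes block-style YAML.

```shell
# Added example: review a generated manifest (such as webhook.yaml) before applying it.
# Assumes block-style YAML with "- " list markers; the sample below is constructed.
kinds_in() { awk '/^kind:/ { print $2 }' "$1"; }   # kind of each object in FILE
# Print "name policy" for every admission webhook in FILE that fails closed.
# In admissionregistration.k8s.io/v1 an unset failurePolicy defaults to Fail, so
# matching requests are rejected whenever the webhook backend is unreachable.
fail_closed_webhooks() {
    awk '
    function flush() {
        if (open && policy != "Ignore") print name, (policy == "" ? "Fail(default)" : policy)
        open = 0
    }
    /^---/ || /^[A-Za-z]/ { flush(); inhooks = ($1 == "webhooks:"); col = 0; next }
    !inhooks { next }
    {
        s = $0; sub(/^ +/, "", s); ind = length($0) - length(s)
        if (s ~ /^- /) {                  # list item
            ind += 2
            if (!col) col = ind           # column where webhook entry keys start
            if (ind != col) next          # nested list, not a webhook entry
            flush(); open = 1; name = "(unnamed)"; policy = ""
            key = $2; val = $3
        } else {
            if (ind != col) next          # nested key such as clientConfig.service.name
            key = $1; val = $2
        }
        gsub(/"/, "", val)
        if (key == "name:") name = val
        if (key == "failurePolicy:") policy = val
    }
    END { flush() }' "$1"
}
sample_manifest() {                       # constructed; not the console output
    cat <<'EOF'
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
webhooks:
  - name: pods.strict.example.invalid
    failurePolicy: Fail
    clientConfig:
      service:
        name: example-svc
  - name: pods.lenient.example.invalid
    failurePolicy: Ignore
  - admissionReviewVersions: ["v1"]
    name: pods.default.example.invalid
---
kind: ClusterRoleBinding
EOF
}
```

Run kinds_in and fail_closed_webhooks against the saved file before kubectl apply; any webhook listed will reject matching requests if its backend is unavailable.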

Synchronize assets
If there are new cloud services or configuration updates, you can synchronize the latest information in the Security Center console.
On the Cloud Product page, synchronize cloud services under the current Alibaba Cloud account, cross-account, and any added third-party accounts.

On the Configure Container Cluster tab, synchronize clusters that have been added to Security Center.
