Cloud Service Providers
Getting Credentials from Cloud Providers
Pages under the cloud section are for getting credentials from cloud providers.
Basic Required Permissions
This project requires certain permissions on the provided credentials to function. This page shows which permissions are required and how to assign them in your Cloud Console.
The instructions on the SCCCE frontend use predefined roles on the cloud. These roles include some permissions that this project does not require. You can create your own role with only the required permissions. See the section below for more details.
Vulnerability Scan Permission
The Vulnerability Scan module requires extra permissions to function. This page shows which permissions are required and how to assign them in your Cloud Console.
Quick start
Assign the Administrator role to the service account and remove it after use. This is the easiest way to get the required permissions. However, this is NOT recommended. You should create a custom role with only the required permissions. See the section below for more details.
Comparison between different cloud providers
| Provider | Config Collection (Web) | Config Collection (CLI) | Misconfig Check | K8S | Log Collection |
|---|---|---|---|---|---|
| AWS | ✅ | fetcher ✅ / fetch ✅ | ✅ | ✅ | ✅ |
| Azure | ✅ | fetcher ✅ / fetch ❌ | ✅ | ❓ | ❌ |
| GCP | ❓ | fetcher ✅ / fetch ❌ | ✅ | ❓ | ❌ |
| Alibaba | ❓ | fetcher ✅ / fetch ❌ | ❓ | ❓ | ❌ |
| Tencent | ✅ | fetcher ❌ / fetch ✅ | ❓ | ❓ | ❌ |

| Provider | Config Collection | Misconfiguration Check |
|---|---|---|
| Local Kubernetes (Kubeconfig) | ✅ | ✅ |