As part of Cloudrail’s context-aware analysis, we require access to the cloud accounts that will be in use for your Terraform files. If you would just like to evaluate your Terraform file, you can onboard an empty cloud account. We’ve spent significant time on this and found that there are too many blind spots between what is defined in Terraform and what is deployed in the live cloud account, which makes the integration necessary for security analysis.
We currently support Amazon AWS, with Azure and GCP on the way in 2021!
Adding a cloud account in AWS
The first step is to access the cloud account onboarding wizard.
As a security best practice, Cloudrail randomly generates an ExternalID and RoleName for you. Please do not modify these parameters.
You can test whether Cloudrail can connect with your cloud account after the CloudFormation stack has launched successfully. Once successfully connected, you can proceed to running scans with this account as part of the context.
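To confirm on your side that the generated ExternalID is actually enforced, the following added example (not Cloudrail's code or template) audits a role trust policy for an sts:ExternalId condition. It assumes the stack creates a cross-account IAM role; the account ID, ExternalID value and both sample policies are constructed.

```python
import json

# Constructed sample values; a real ExternalID comes from the onboarding wizard.
EXTERNAL_ID = "constructed-external-id-0001"
PINNED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]})
UNPINNED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]})

def _as_list(value):
    """IAM policy fields may hold one value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def trust_policy_findings(policy_json, expected_external_id):
    """Return problems found in a role trust policy; an empty list means OK."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue  # statement does not grant AssumeRole
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append(f"statement {i}: any AWS principal may assume the role")
        # Collect ExternalId values required by StringEquals (names are case-insensitive).
        required = []
        for operator, pairs in stmt.get("Condition", {}).items():
            if operator.lower() == "stringequals":
                for key, value in pairs.items():
                    if key.lower() == "sts:externalid":
                        required.extend(_as_list(value))
        if not required:
            findings.append(f"statement {i}: AssumeRole allowed without sts:ExternalId")
        elif required != [expected_external_id]:
            findings.append(f"statement {i}: ExternalId differs from the generated value")
    return findings

if __name__ == "__main__":
    for name, doc in (("pinned", PINNED), ("unpinned", UNPINNED)):
        print(name, trust_policy_findings(doc, EXTERNAL_ID) or "OK")
```

The policy document to feed in can be read with `aws iam get-role --role-name <RoleName> --query Role.AssumeRolePolicyDocument`, using the RoleName shown in the wizard.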