This article will guide you through the process of connecting your Amazon Web Services (AWS) cloud account to the Orca Security Platform.
Orca's SaaS deployment mode means that you do not have to run any code from Orca within your cloud accounts. Your payload will be scanned inside Orca's AWS cloud backend in the same data center where your assets reside.
- Before you begin
- Step 1: AWS login
- Step 2: Create IAM role and policy
- Step 3: Connect your account to Orca Security
- Verify account connection
Before you begin
Access your Orca Security account and navigate to Settings from the lower-left corner of the main menu. You will land on the Connect Account page by default. From here, select the Amazon Web Services tab (unless already selected).
Step 1: AWS login
Log in to your AWS account by clicking the AWS ACCOUNT link.
Step 2: Create IAM role and policy
Select the check box to allow scanning of images in password-protected registries. If unchecked, Orca will not have permission to scan images stored outside of AWS.
Use the CLOUDFORMATION TEMPLATE link to create an “orca-security” stack, which will add the necessary security role and policies, so that Orca can scan your account.
The template link will open the AWS CloudFormation page in a new browser tab where you can review the stack parameters. Scroll to the bottom of the page to acknowledge that AWS CloudFormation might create IAM resources.
After you click Create stack, AWS CloudFormation will open the Events tab where the status of the “orca-security” stack will be indicated as “CREATE_IN_PROGRESS”. Please allow several seconds for AWS to create the stack and update the status to “CREATE_COMPLETE”. You can refresh the AWS CloudFormation page to get the latest status update.
Step 3: Connect your account to Orca Security
After the stack has been created, you will need to copy the resulting Amazon Resource Name (ARN) and provide it to Orca.
Navigate to the Outputs tab of the "orca-security" stack and copy the OrcaRoleArn value.
Return to the Orca UI, paste the ARN into the ORCA ROLE ARN field, and click the Connect Account button.
Please allow several seconds for the connection to be established. After a successful connection, Orca will redirect you to the Accounts page, where you can check the status of the newly onboarded account.
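The following check is an added example, not part of Orca's documentation or tooling. It reads the JSON printed by `aws cloudformation describe-stacks --stack-name orca-security`, confirms the stack reached CREATE_COMPLETE, and returns the OrcaRoleArn output only if it is a well-formed IAM role ARN in the account you meant to onboard. The function name, the account ID and the role name in the sample are constructed placeholders.

```python
import json
import re

# Constructed sample of `aws cloudformation describe-stacks --stack-name orca-security`
# output; the account ID and role name are placeholders, not real values.
SAMPLE = json.dumps({"Stacks": [{
    "StackName": "orca-security",
    "StackStatus": "CREATE_COMPLETE",
    "Outputs": [{"OutputKey": "OrcaRoleArn",
                 "OutputValue": "arn:aws:iam::111122223333:role/ExampleOrcaRole"}],
}]})

# arn:<partition>:iam::<12-digit account>:role/<optional path/><role name>
ROLE_ARN = re.compile(r"arn:(aws|aws-us-gov|aws-cn):iam::(\d{12}):role/([\w+=,.@/-]+)")


def orca_role_arn(describe_stacks_json, expected_account):
    """Return the OrcaRoleArn output, or raise ValueError explaining why not."""
    stacks = json.loads(describe_stacks_json).get("Stacks", [])
    stack = next((s for s in stacks if s.get("StackName") == "orca-security"), None)
    if stack is None:
        raise ValueError("stack 'orca-security' not found")
    status = stack.get("StackStatus")
    if status != "CREATE_COMPLETE":
        # e.g. CREATE_IN_PROGRESS: outputs are not final yet
        raise ValueError(f"stack status is {status}, not CREATE_COMPLETE")
    outputs = {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}
    arn = outputs.get("OrcaRoleArn")
    if arn is None:
        raise ValueError("stack has no OrcaRoleArn output")
    match = ROLE_ARN.fullmatch(arn)
    if match is None:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    if match.group(2) != expected_account:
        # Guards against pasting an ARN from a stack created in the wrong account
        raise ValueError(f"role is in account {match.group(2)}, expected {expected_account}")
    return arn


if __name__ == "__main__":
    print(orca_role_arn(SAMPLE, expected_account="111122223333"))
```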
Verify account connection
Scanning will begin immediately after the connection between Orca and your cloud account is established. The initial scan time will vary and may take anywhere from a few minutes to a few hours. We recommend that you wait at least 24 hours after onboarding a new account to get the complete picture of your security posture. Subsequent scans take significantly less time.
You can return to the Accounts page from the Settings menu to verify the status of your existing accounts.