Introduction

In order to utilize the assessment feature available in the CoreStack Assessments product offering, you must onboard your cloud accounts in CoreStack in a defined way. It's very similar to the standard way of onboarding cloud accounts, but there are a few additional steps that must be followed in order to enable CoreStack to properly run an assessment on your cloud resources.

These unique steps are explained below, but can be summarized briefly as:

1. It's recommended to select the Assessment access type during the onboarding process and deploy the right template.
2. Configure the cloud account after onboarding to enable access permissions.

To learn about the general steps for onboarding cloud accounts in CoreStack, you can also refer to our full documentation in the onboarding section of this website.

🚧

Note:

As of August 2023 the first point above is true -- however, in future updates there will be notable differences between the Assessment and Assessment + Governance options relating to CoreStack assessments. This user guide will be updated accordingly at that time.

Overview of the cloud account onboarding process

In order to utilize the cloud governance capabilities of CoreStack, you have to integrate your cloud accounts with CoreStack. This involves setting up the prerequisites in your cloud account and then providing cloud account related information in CoreStack for integration. Once you complete these steps, you will be able to govern your cloud resources against our OSCAR cloud governance pillars.

We'll cover the process briefly here and provide links to Assessment-specific onboarding user guides, but for more information on each stage of the onboarding process please refer to our full onboarding user guides for each supported cloud platform.

Pre-onboarding and prerequisites

Before you can onboard any cloud accounts into CoreStack and run assessments on them, there are certain prerequisites that must be configured in those cloud accounts. Put simply, the proper access permissions for CoreStack must be setup in your cloud accounts first.

We've provided brief, high-level summaries of these requirements below for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) cloud accounts.

The full step-by-step instructions for configuring prerequisites for Assessments can be found in the following user guides in this section for AWS, Azure, and GCP, respectively.

AWS prerequisites

For AWS Accounts, you will have to create an IAM Role for CoreStack with necessary access permissions for Assessment + Governance to be performed for that account. CoreStack provides ready-made templates that can be used for this purpose which have appropriate access permissions built-in as part of the templates.

Azure prerequisites

For Azure Subscriptions, you will have to create an App Registration for CoreStack and then provide appropriate role assignment for that App for Assessment + Governance to be performed for that subscription.

GCP prerequisites

For GCP Projects, you will have to create either a user account or service account for CoreStack and then provide appropriate roles for the user account or service account for Assessment + Governance to be performed for that project.

Onboarding steps

Once you set up the prerequisites in your cloud account and retrieve the required information from the cloud console, you can initiate the onboarding process in CoreStack. It's a relatively straightforward process to onboard your cloud account into CoreStack, provided the prerequisites are taken care of.

You can follow the simple in-app guided workflow for the onboarding process for the supported cloud accounts. Please ensure you have the information explained in the pre-onboarding sections in hand before initiating the onboarding process.

Enable 'Assessment + Governance' for Assessments onboarding

While there are many steps for onboarding a new cloud account so that it's ready for CoreStack Assessments, the most important step to take note of is selecting the Assessment + Governance option under the Access Type section during the onboarding process in the CoreStack application. You must select this option in order to enable the full CoreStack Assessment experience in CoreStack.

The Assessment + Governance option allows CoreStack to use the read and write permissions necessary to properly scan and validate your cloud workloads.

From here, you can proceed normally through the rest of the onboarding process.

For more information on the onboarding process -- and the relevant Assessments requirements -- for each cloud provider, please refer to our other onboarding guides in this section for AWS, Azure, and GCP.

Post-onboarding steps

Once you've finished onboarding your cloud accounts into CoreStack, you can then start taking advantage of all the discovery and governance related features available to you now that your accounts are integrated with the CoreStack platform.

This includes running assessments, generating performance reports, setting up alerts, and more.