Connect AWS to Microsoft Cloud App Security

Applies to: Microsoft Cloud App Security

This article provides instructions for connecting Microsoft Cloud App Security to your existing Amazon Web Services account using the connector APIs. This connection gives you visibility into and control over AWS app use.

How to connect Amazon Web Services to Cloud App Security

  1. In your Amazon Web Services console, under Security, Identity & Compliance, click on IAM.

  2. Click on the Users tab and then click Add user.

  3. In the Details step, provide a new user name for Cloud App Security. Make sure that under Access type you select Programmatic access and click Next Permissions.

  4. Click on the JSON tab:


  5. Paste the following script into the provided area:

      "Version" : "2012-10-17",  
      "Statement" : [{  
          "Action" : [  
          "Effect" : "Allow",  
          "Resource" : "*"  

  6. Click Review policy.

  7. Provide a Name and click Create policy.

  8. Back in the Add user screen, refresh the list if necessary, select the user you created, and click Next Review.

  9. If all the details are correct, click Create user.

  10. When you get the success message, click Download .csv to save a copy of the new user's credentials. You need these later.

  11. In the AWS console, click Services and then under Management Tools click CloudTrail.

    If you haven't used CloudTrail before, click Get Started and set it up by providing a name, selecting the appropriate S3 bucket, and clicking Turn On. To make sure you have complete coverage, set Apply to all regions to Yes.

    You should see the new CloudTrail name in the Trails list.

  12. In the Cloud App Security portal, click Investigate and then Connected apps.

  13. In the App connectors page, click the plus sign followed by Amazon Web Services.

  14. In the pop-up, paste the Access key and Secret key from the csv file into the relevant fields, and click Connect.

  15. Make sure the connection succeeded by clicking Test API.

    Testing may take a couple of minutes. When it's finished, you get a Success or Failure notification. After receiving a success notice, click Done.

After connecting AWS, you'll receive events for seven days prior to connection, unless you just enabled CloudTrail, in which case you receive events from the time you enabled CloudTrail.
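
The coverage requirement in step 11 (a trail that is turned on and applies to all regions) can be checked from the JSON returned by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status`. The following Python is an added example, not part of the original article or of Microsoft's tooling; the `audit_trails` helper, trail names and bucket names are constructed for illustration.

```python
import json

# Constructed sample data in the shape returned by
# `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status`.
SAMPLE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "mcas-trail", "HomeRegion": "us-east-1",
   "S3BucketName": "example-trail-bucket", "IsMultiRegionTrail": true},
  {"Name": "legacy-trail", "HomeRegion": "eu-west-1",
   "S3BucketName": "example-legacy-bucket", "IsMultiRegionTrail": false}
]}
""")
SAMPLE_STATUS = {
    "mcas-trail": {"IsLogging": True},
    "legacy-trail": {"IsLogging": False},
}


def audit_trails(describe_output, status_by_name):
    """Return (covered, findings).

    covered is True when at least one trail both applies to all regions
    (IsMultiRegionTrail) and is currently logging (IsLogging).
    """
    trails = describe_output.get("trailList", [])
    if not trails:
        return False, ["no trails defined: CloudTrail has not been set up"]
    findings, covered = [], False
    for trail in trails:
        name = trail.get("Name", "<unnamed>")
        multi = bool(trail.get("IsMultiRegionTrail"))
        logging_on = bool(status_by_name.get(name, {}).get("IsLogging"))
        if not trail.get("S3BucketName"):
            findings.append(f"{name}: no S3 bucket configured")
        if not logging_on:
            findings.append(f"{name}: logging is turned off")
        if not multi:
            findings.append(f"{name}: only records {trail.get('HomeRegion', 'one region')}")
        covered = covered or (multi and logging_on)
    if not covered:
        findings.append("no trail is both multi-region and logging")
    return covered, findings


if __name__ == "__main__":
    ok, notes = audit_trails(SAMPLE_TRAILS, SAMPLE_STATUS)
    print("complete coverage:", ok)
    for note in notes:
        print(" -", note)
```

A result of `False` means the connector will miss activity in regions or periods that no trail records.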

Next steps

Control cloud apps with policies

Premier customers can also create a new support request directly in the Premier Portal.