This document describes how to filter resource scanning by region or by resource type, which is new in CPM 3.0. You can limit not only the regions that a tag scan covers but also the specific AWS resource types it scans. This lets administrators limit the AWS objects scanned and limit permissions in AWS more granularly: you can remove specific resource types from the scan and remove the corresponding permissions from the CPM AWS IAM policy files. This adheres to AWS's best practice of assigning users or roles the least permissions necessary.
The 7 resource types are:
- DynamoDB Tables
- Elastic File Systems
- RDS Databases
- Aurora Clusters
- Redshift Clusters
1. To edit an existing account, select Accounts on the left-hand side of the CPM 3.0 screen and click Edit.
2. Open the drop-down list under Scan Regions.
3. Enable the regions you want by selecting the checkmark next to each region. You can tell that a region filter has been applied if fewer than 18 regions are selected. The screenshot below shows 4 regions configured for the scan job.
4. Expand the Scan Resource Types drop-down list and enable the resources you want the CPM scan job to look for in AWS. It will scan the AWS tags and add resources to CPM policies.
CPM has 7 resource types. When you have completed your selections, click the Save button so that your changes are not discarded. For more details on CPM's tag management functionality, refer to the CPM User Guide, page 105.
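After disabling resource types in the scan, the matching permissions can be removed from the IAM policy as described in the introduction. The following is an added example, not part of CPM or its documentation: it strips Allow actions for services that no enabled resource type needs. The sample policy is constructed and is not the actual CPM policy file; the function name `trim_policy` and the type-to-prefix mapping are assumptions of this example.

```python
import json

# IAM service prefix for each resource type listed on this page.
# RDS Databases and Aurora Clusters share the "rds" prefix, so rds:
# actions can only be removed when BOTH types are disabled.
SERVICE_PREFIX = {
    "DynamoDB Tables": "dynamodb",
    "Elastic File Systems": "elasticfilesystem",
    "RDS Databases": "rds",
    "Aurora Clusters": "rds",
    "Redshift Clusters": "redshift",
}

def as_list(value):
    """IAM allows Statement/Action to be a single item or a list."""
    return value if isinstance(value, list) else [value]

def trim_policy(policy, enabled_types):
    """Return a copy of policy without Allow actions for unneeded services."""
    keep = {SERVICE_PREFIX[t] for t in enabled_types}
    drop = set(SERVICE_PREFIX.values()) - keep
    statements = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            statements.append(stmt)  # leave Deny / NotAction statements as-is
            continue
        actions = [a for a in as_list(stmt["Action"])
                   if a.split(":", 1)[0].lower() not in drop]
        if actions:  # a statement left with no actions is dropped entirely
            statements.append({**stmt, "Action": actions})
    return {**policy, "Statement": statements}

# Constructed sample policy for illustration only.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Backup", "Effect": "Allow", "Resource": "*", "Action": [
            "ec2:DescribeInstances", "dynamodb:ListTables",
            "rds:DescribeDBInstances", "rds:DescribeDBClusters",
            "redshift:DescribeClusters"]},
        {"Sid": "Efs", "Effect": "Allow", "Resource": "*",
         "Action": "elasticfilesystem:DescribeFileSystems"},
    ],
}

if __name__ == "__main__":
    # Only Aurora Clusters remains enabled in Scan Resource Types.
    print(json.dumps(trim_policy(SAMPLE_POLICY, ["Aurora Clusters"]), indent=2))
```

Actions outside the mapped services (such as `ec2:` or a bare `*`) are left untouched, so review any wildcard statements separately.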