Updating an AWS Instance
Modify settings for an existing AWS instance.
Updating the Credentials for an AWS Instance
Change the credentials for an AWS instance.
If the authentication information that you used to register an AWS instance changes, or you otherwise need to change the credentials for the instance, you must change them in both AWS and the Oracle CASB Cloud Service console.
Updating the Security Control Baseline for an AWS Instance
Change security control baseline settings for an AWS instance that was added in either monitor-only mode or push controls mode.
When you register an AWS account in push controls mode, Oracle CASB Cloud Service sets the specified values in your account. You can change these values later if you need to.
When you register an AWS account in the default monitor-only mode, Oracle CASB Cloud Service automatically monitors security-related configurations and generates an alert when a security control value doesn’t match the Oracle CASB Cloud Service stringent setting. For example, if an AWS administrator permits users to have 5-character passwords, then Oracle CASB Cloud Service generates an alert. For more information, see Security Control Values for AWS (Monitor Only/Read Only).
You can also register an AWS account in push controls mode, in which case Oracle CASB Cloud Service sets the desired values in your account and then generates alerts when these values are changed. For more information, see Security Control Values for AWS (Push Controls/Read-Write).
After you register your application, you can modify the alerting baseline that Oracle CASB Cloud Service uses. For example, you can change the baseline for minimum password length from 10 to 12 characters.
Note:
You can enforce the configuration of AWS IAM role definitions using a policy. See Creating Alerts for Setting AWS Roles.
Oracle CASB Cloud Service generates a security control alert in Risk Events whenever it detects a mismatch of any kind between the selections that you make on this page and the actual settings in the AWS instance.
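The baseline comparison described above can be sketched as follows. This is an added example, not Oracle CASB Cloud Service code: the baseline values, function names and sample policy are assumptions, and only the dictionary keys are real field names from the IAM account password policy.

```python
import operator

# Assumed baseline (not Oracle CASB defaults): control -> (comparison, required).
# A control passes when comparison(observed, required) is true.
BASELINE = {
    "MinimumPasswordLength": (operator.ge, 10),
    "PasswordReusePrevention": (operator.ge, 5),
    "RequireNumbers": (operator.eq, True),
    "RequireSymbols": (operator.eq, True),
}


def find_mismatches(policy, baseline=BASELINE):
    """Return (control, observed, required) for every control below baseline.

    `policy` is the PasswordPolicy dict returned by IAM GetAccountPasswordPolicy,
    or None when the account has no password policy at all.
    """
    policy = policy or {}
    mismatches = []
    for control, (compare, required) in sorted(baseline.items()):
        observed = policy.get(control)
        # A control that is absent from the policy is not configured in AWS,
        # so it is reported rather than silently skipped.
        if observed is None or not compare(observed, required):
            mismatches.append((control, observed, required))
    return mismatches


def with_override(baseline, control, required):
    """Return a copy of the baseline with one control's required value changed."""
    compare, _ = baseline[control]
    updated = dict(baseline)
    updated[control] = (compare, required)
    return updated


# Constructed sample: 5-character passwords allowed, no reuse prevention set.
SAMPLE_POLICY = {
    "MinimumPasswordLength": 5,
    "RequireNumbers": True,
    "RequireSymbols": True,
}

if __name__ == "__main__":
    for control, observed, required in find_mismatches(SAMPLE_POLICY):
        print(f"ALERT {control}: observed={observed!r} required={required!r}")
```

Raising the minimum password length baseline from 10 to 12 with `with_override` makes an account that allows 10-character passwords start producing a mismatch, even though nothing changed in AWS.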
Updating the IDP Instance for an AWS Instance
Change the way an AWS instance communicates with an identity provider (IDP).
You can update the way that an AWS instance communicates with an identity provider (IDP) in several ways:
- You can change an existing AWS instance that is authenticating to an IDP instance, so that it authenticates to a different IDP instance.
- You can switch an AWS instance from authenticating directly with the IDP to authenticating with the IDP through an IDP instance.
- You can’t switch an AWS instance that is authenticating with the IDP through an IDP instance to directly authenticating to the IDP.