To scan your cloud resources during the Credentialed Scan Background Task, configure API credentials associated with a cloud service account. By configuring Cloud Scanning, you will enable DeepSurface to correlate user access privileges within cloud platform services to the resources (such as instances and VMs) provided by those services. Cloud scanning occurs automatically as a part of the Credentialed Scan Background Task whenever Cloud Scan credentials are present.
Within your cloud platform you will need to configure an API key that can be used by DeepSurface to scan your cloud resources.
Available platforms:
AWS: Configuring an API key in AWS requires creating an IAM user and policy with permissions that will allow DeepSurface to determine which AWS users have access to specific services and resources.
For documentation explaining how to create IAM users and policies, please see this link: AWS IAM User Documentation