AWS Integration
Connect your AWS accounts to Seenty for automated cloud security scanning.
Connect your AWS accounts to Seenty to automatically scan for security misconfigurations in IAM, S3, and Security Groups. AWS integration is available on Ultra plans and above.
AWS cloud scanning requires an Ultra plan or higher. The Ultra plan supports up to 2 AWS accounts. The Enterprise plan supports unlimited accounts.
What it scans
Seenty scans three core AWS service areas for security misconfigurations:
IAM (Identity and Access Management)
| Finding | Severity | Description |
|---|---|---|
| Root account without MFA | Critical | The root account has unrestricted access to all resources. Without MFA, a compromised password means full account takeover. |
| IAM user without MFA | High | Console users without MFA are vulnerable to password-based attacks. |
| Stale access keys (>90 days) | Medium | Access keys that have not been rotated in over 90 days. Long-lived credentials increase the blast radius if compromised. |
| Inactive IAM users | Low | Users who have not signed in recently but still have active credentials. |
| Overly permissive policies | Medium | Policies using *:* wildcards instead of scoped permissions. |
S3 (Storage)
| Finding | Severity | Description |
|---|---|---|
| Publicly writable bucket | Critical | Anyone on the internet can upload files to this bucket, potentially hosting malicious content under your domain. |
| Publicly readable bucket | High | Bucket contents are accessible to anyone without authentication. |
| Unencrypted bucket | Medium | Server-side encryption is not enabled, leaving data at rest unprotected. |
| Versioning disabled | Low | Without versioning, accidentally deleted or overwritten objects cannot be recovered. |
Security Groups (Network)
| Finding | Severity | Description |
|---|---|---|
| SSH (22) open to 0.0.0.0/0 | High | SSH accessible from any IP address, exposing instances to brute-force attacks. |
| RDP (3389) open to 0.0.0.0/0 | High | Remote Desktop open to the internet, a common ransomware entry point. |
| All ports open to 0.0.0.0/0 | Critical | Security group allows all traffic from any source on all ports. |
| Database ports open to internet | High | Ports like 3306 (MySQL), 5432 (PostgreSQL), or 27017 (MongoDB) accessible from any IP. |
Setup
Create an IAM user in AWS
Seenty requires read-only access to scan your AWS resources. We recommend creating a dedicated IAM user:
- Sign in to the AWS Console and go to IAM > Users.
- Click Create user.
- Enter a username (e.g., seenty-scanner).
- Select Programmatic access (access key).
- Attach the SecurityAudit managed policy. This provides read-only access to the services Seenty scans.
The SecurityAudit policy provides read-only access to IAM, S3, EC2 security groups, and many other services. It does not allow Seenty to modify any resources in your account. You can also create a custom policy with more restricted permissions if your security requirements demand it.
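If you take the custom-policy route, the following added example (not Seenty's code, and not its documented permission set) builds a read-only policy scoped to the three service areas listed under "What it scans" and then checks that every action it grants is a read or list call. The action list is an assumption about what a scanner of IAM, S3 and security groups needs; confirm it against the vendor's stated requirements before using it in place of SecurityAudit. The `is_read_only` check also rejects wildcard actions, the same `*:*` pattern the scanner flags in your own policies.

```python
# Added example, not Seenty's code or its documented permission set: build a
# custom read-only policy scoped to the three service areas listed under
# "What it scans", as an alternative to the broader SecurityAudit managed
# policy, and verify that the result grants nothing but read/list calls.
# The action list is an assumption about what such a scanner needs; confirm
# it against the vendor's stated requirements before relying on it.
import json

# Verbs that only read state. GenerateCredentialReport produces a report
# about IAM users but changes no resource, so it is accepted here.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Generate")

SCANNER_ACTIONS = {
    "iam": [
        "iam:GetAccountSummary",            # AccountMFAEnabled flag for the root user
        "iam:GenerateCredentialReport",     # per-user MFA, key age and last sign-in
        "iam:GetCredentialReport",
        "iam:ListUsers", "iam:ListAccessKeys", "iam:ListMFADevices",
        "iam:ListPolicies", "iam:GetPolicy", "iam:GetPolicyVersion",  # find *:* policies
    ],
    "s3": [
        "s3:ListAllMyBuckets", "s3:GetBucketAcl", "s3:GetBucketPolicy",
        "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock",
        "s3:GetEncryptionConfiguration", "s3:GetBucketVersioning",
    ],
    "ec2": ["ec2:DescribeSecurityGroups"],
}


def build_scanner_policy():
    """One Allow statement per service; Resource "*" because List/Describe
    calls are not resource-scoped."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": f"Seenty{svc.upper()}ReadOnly", "Effect": "Allow",
             "Action": sorted(actions), "Resource": "*"}
            for svc, actions in SCANNER_ACTIONS.items()
        ],
    }


def is_read_only(policy):
    """Reject any Allow statement that uses a wildcard action (the same '*:*'
    pattern the scanner itself flags) or a verb outside the read-only set."""
    for statement in policy["Statement"]:
        if statement.get("Effect") != "Allow":
            continue
        actions = statement["Action"]
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            if "*" in action or ":" not in action:
                return False
            _service, verb = action.split(":", 1)
            if not verb.startswith(READ_ONLY_PREFIXES):
                return False
    return True


def policy_document():
    """JSON text ready to paste into the IAM console's policy editor."""
    return json.dumps(build_scanner_policy(), indent=2)


if __name__ == "__main__":
    policy = build_scanner_policy()
    print(policy_document())
    print("read-only:", is_read_only(policy))
```

Attach the printed document as an inline or customer-managed policy instead of SecurityAudit; if the connection test later reports missing permissions, the "Missing findings?" entry under Troubleshooting is the place to start.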
Generate access keys
- After creating the user, go to the user's Security credentials tab.
- Click Create access key.
- Select Third-party service as the use case.
- Copy the Access Key ID and Secret Access Key. Store them securely -- you will need them in the next step.
The Secret Access Key is only displayed once. If you lose it, you will need to generate a new key pair.
Add the AWS account in Seenty
- Go to Assets > Cloud Accounts in the Seenty dashboard.
- Click Add AWS Account.
- Enter a friendly name for the account (e.g., "Production AWS").
- Paste the Access Key ID and Secret Access Key.
- Click Test Connection to verify that Seenty can reach your AWS account with the provided credentials.
- Click Save.
Enable scanning
Once the account is added and the connection is verified, enable scanning. Seenty will run an initial scan immediately and schedule periodic scans going forward.
Managing scans
- Manual scan -- Trigger a scan at any time from the cloud account detail page by clicking Scan Now.
- Scheduled scans -- Seenty runs periodic scans automatically. You do not need to configure a schedule.
- Scan results -- Findings appear in Security Posture > Misconfigurations with the source labeled as AWS.
Credential security
Your AWS credentials are:
- Encrypted at rest -- Credentials are encrypted before being stored in the database.
- Never logged -- Access keys never appear in logs or error messages.
- Used only for scanning -- Seenty only performs read operations. No resources are modified, created, or deleted.
Credential rotation
AWS recommends rotating access keys regularly. When you rotate your keys:
- Generate new access keys in the AWS Console.
- Update the credentials in Seenty from Assets > Cloud Accounts by editing the AWS account.
- Test the connection with the new credentials.
- Deactivate and delete the old access keys in AWS.
If you rotate your AWS credentials without updating them in Seenty, scans will fail silently. Check the cloud account status in the Seenty dashboard after rotating keys.
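The rotation order above matters: the old key must stay active until the new one is confirmed working in Seenty, or scans stop. The following added example (not Seenty's code) drives that sequence through the IAM calls that boto3's IAM client exposes (`create_access_key`, `list_access_keys`, `update_access_key`, `delete_access_key`). In production you would pass a real boto3 IAM client; `FakeIam` is a constructed in-memory stand-in so the example runs offline. The `verify` callback stands in for the manual step of pasting the new key into Seenty and clicking Test Connection; its name and signature are this example's own.

```python
# Added example, not Seenty's code: the rotation sequence from the steps above,
# driven through the IAM calls that boto3's IAM client exposes (create_access_key,
# list_access_keys, update_access_key, delete_access_key). In production pass a
# real boto3 client; FakeIam is a constructed in-memory stand-in so this runs
# offline. `verify` stands in for the manual step of pasting the new key into
# Seenty and clicking Test Connection; its signature is this example's own.
import secrets


class FakeIam:
    """Constructed stand-in that mimics the response shapes of boto3's IAM client."""

    def __init__(self, user_name, existing_key_ids):
        self.keys = {user_name: [{"AccessKeyId": k, "Status": "Active"} for k in existing_key_ids]}

    def create_access_key(self, UserName):
        if len(self.keys[UserName]) >= 2:  # IAM allows at most two keys per user
            raise RuntimeError("LimitExceeded: the user already has two access keys")
        key = {"AccessKeyId": "AKIA" + secrets.token_hex(8).upper(), "Status": "Active"}
        self.keys[UserName].append(key)
        return {"AccessKey": {**key, "SecretAccessKey": secrets.token_urlsafe(30)}}

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [dict(k) for k in self.keys[UserName]]}

    def update_access_key(self, UserName, AccessKeyId, Status):
        next(k for k in self.keys[UserName] if k["AccessKeyId"] == AccessKeyId)["Status"] = Status

    def delete_access_key(self, UserName, AccessKeyId):
        self.keys[UserName] = [k for k in self.keys[UserName] if k["AccessKeyId"] != AccessKeyId]


def rotate_scanner_key(iam, user_name, verify):
    """Create a new key, let `verify(key_id, secret)` prove the scanner works with
    it, then deactivate (not yet delete) the old keys. Returns the new key ID, or
    None if verification failed, in which case the new key is deleted and the old
    one stays active so scans keep running instead of failing silently."""
    old_ids = [k["AccessKeyId"]
               for k in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]]
    new = iam.create_access_key(UserName=user_name)["AccessKey"]
    if not verify(new["AccessKeyId"], new["SecretAccessKey"]):
        iam.delete_access_key(UserName=user_name, AccessKeyId=new["AccessKeyId"])
        return None
    for key_id in old_ids:
        iam.update_access_key(UserName=user_name, AccessKeyId=key_id, Status="Inactive")
    return new["AccessKeyId"]


def delete_inactive_keys(iam, user_name):
    """Final step, run once you are sure nothing still uses the old keys."""
    deleted = []
    for k in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        if k["Status"] == "Inactive":
            iam.delete_access_key(UserName=user_name, AccessKeyId=k["AccessKeyId"])
            deleted.append(k["AccessKeyId"])
    return deleted


if __name__ == "__main__":
    iam = FakeIam("seenty-scanner", ["AKIACONSTRUCTEDOLD01"])  # constructed key ID
    new_id = rotate_scanner_key(iam, "seenty-scanner", lambda key_id, secret: True)
    print("active key:", new_id)
    print("deleted:", delete_inactive_keys(iam, "seenty-scanner"))
```

Deactivating before deleting is deliberate: an inactive key can be switched back to Active if the cloud account status in the dashboard turns red after rotation, whereas a deleted key cannot be recovered.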
Account limits
| Plan | AWS accounts allowed |
|---|---|
| Ultra | 2 |
| Enterprise | Unlimited |
Troubleshooting
Connection test failing?
- Verify the Access Key ID and Secret Access Key are correct (no extra spaces or characters).
- Ensure the IAM user has the SecurityAudit policy attached.
- Check that the IAM user's access keys are active (not deactivated) in the AWS Console.
Missing findings?
- Seenty scans IAM, S3, and Security Groups. Resources in other AWS services are not currently scanned.
- Ensure the IAM user has permissions to list and describe the relevant resources.
Scan showing stale results?
- Trigger a manual rescan from the cloud account page. Findings are updated based on the most recent scan.