Manage Cloud Accounts
You can view and manage all cloud accounts on the Cloud Accounts tab of the Projects and Connections page.
View Cloud Accounts
The Cloud Accounts tab in the Projects and Connections page shows all the cloud accounts onboarded in Tenable Cloud Security. The cloud accounts can be onboarded manually or using autodiscovery.
To view the cloud accounts:
- Access Tenable Cloud Security.
  The Dashboard page appears.
- Click Projects and Connections.
  The Projects tab appears by default.
- Click Cloud Accounts.
  The Cloud Accounts page appears with a list of all onboarded cloud accounts. The page shows the following details about cloud accounts:
Note: Not all of the following columns appear in the table by default. To view columns that do not appear by default, click the icon and select the required columns.
| Column | Description |
| --- | --- |
| Name | Name of the cloud account. An icon next to the name shows the cloud provider of the account. |
| Management Unit | If the account type is Multiple, the management unit is the name of the management account for AWS, management group for Azure, and Google group for GCP. |
| Status | The cloud account status: Ignored, Needs Configuration, Not Scanned, Scanned, Assessed, Failed, and Suspended. For more information, see Cloud Account Statuses. |
| Resources | The number of resources in the cloud account. |
| Findings | The number of vulnerabilities and misconfigurations. Misconfigurations are results from a Misconfiguration Scan. Vulnerabilities are results from Agentless Assessment. |
| Projects | The project that you assign the cloud account to. You can only assign configured cloud accounts to projects. |
| Account ID | The cloud account ID. |
| Tags | The cloud tag or label associated with the resource by the cloud provider. |
| Created By | Email ID used for creating the cloud account. |
| Discovered On | Time elapsed after Tenable Cloud Security discovered the account. |

- Do one or more of the following:
  - Click Discover accounts to discover cloud accounts automatically for your provider. For more information, see the following:
  - Use the Search accounts box to search by cloud account name.
  - Click the Filters icon to open the Filter Cloud Accounts box. Select the following filters as needed.

| Filter | Description |
| --- | --- |
| Cloud Account Name | Filters by the cloud account name. |
| Cloud Providers | Filters by the cloud provider: AWS, Azure, and GCP. |
| Management Unit | Filters by management unit. The management unit is the management account for AWS, management group for Azure, and Google group for GCP. |
| Projects | Filters by the project. |
| Cloud Account ID | Filters by the cloud account ID. |
| Status | Filters by the cloud account status: Discovered, Assessed, Failed, Ignored, Deleted, and Suspended. |
| Cloud Account Alias | Filters by the cloud account alias. |
| Discovered On | Search based on when the cloud account was discovered: Last 24 hours, Last 7 days, Last 30 days, Last 3 months, Last 6 months, or Last 1 year. |
Edit the Configuration of a Cloud Account
You can edit the credentials of cloud accounts after Tenable Cloud Security discovers or assesses the accounts. You can edit the configuration of a cloud account in any of the following states: Discovered, Assessed, Failed, or Ignored.
To edit the configuration of a cloud account:
- Click Projects and Connections.
  The Projects tab appears.
- Click Cloud Accounts.
  The Cloud Accounts page lists all onboarded cloud accounts.
- Click > Configure in the row for the member account you want to configure.
  The Configure Account window for the selected cloud provider appears.
- Click the icon and edit the credentials for your cloud account.
  - AWS: Edit the Read-only Role ARN and External ID for the AWS account.
  - Azure: Provide the following values:
    - Client ID: Application ID of your subscription.
    - Secret Key: Value of the secret key for authentication of the service principal or root management group.
    - Tenant ID: Directory (tenant) ID of the service principal or root management group.
  - GCP: Click Upload to upload the service account credential file in the JSON format.
- Click to save the account configuration.
- Click Next.
- In the Assign a Project or Create a New Project section, click Done.
Note: You cannot edit the project assigned to the cloud account from this window. To add or remove a project assigned to the cloud account, go to the Projects tab.
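A local pre-flight check for the credential values this procedure asks for, so that malformed values are caught before they are saved. This is an added example, not part of the Tenable documentation or product; the format rules are the cloud providers' published conventions, and the function names, role name, and sample values are constructed for illustration.

```python
import json
import re

# Provider-published formats (assumed here; Tenable may validate differently).
ROLE_ARN = re.compile(r"arn:aws(-us-gov|-cn)?:iam::\d{12}:role/[\w+=,.@/-]+", re.ASCII)
EXTERNAL_ID = re.compile(r"[\w+=,.@:/-]{2,1224}", re.ASCII)  # STS ExternalId rule
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
GCP_REQUIRED = ("project_id", "private_key", "client_email")


def check_aws(role_arn, external_id):
    """Return a list of problems with the AWS values (empty list = OK)."""
    problems = []
    if not ROLE_ARN.fullmatch(role_arn):
        problems.append("Role ARN is not an IAM role ARN")
    if not EXTERNAL_ID.fullmatch(external_id):
        problems.append("External ID has an invalid length or character")
    return problems


def check_azure(client_id, secret_key, tenant_id):
    """Client ID and Tenant ID are GUIDs; the secret value is not."""
    problems = [f"{name} is not a GUID"
                for name, value in (("Client ID", client_id), ("Tenant ID", tenant_id))
                if not GUID.fullmatch(value)]
    if not secret_key.strip():
        problems.append("Secret Key is empty")
    elif GUID.fullmatch(secret_key.strip()):
        # Heuristic: a GUID here usually means the secret's ID was copied, not its value.
        problems.append("Secret Key looks like a secret ID, not the secret value")
    return problems


def check_gcp(key_file_text):
    """Check that the file is a service account key, not another credential type."""
    try:
        doc = json.loads(key_file_text)
    except ValueError:
        return ["file is not valid JSON"]
    if not isinstance(doc, dict):
        return ["file is not a JSON object"]
    problems = []
    if doc.get("type") != "service_account":
        problems.append(f"type is {doc.get('type')!r}, expected 'service_account'")
    problems += [f"missing field {key}" for key in GCP_REQUIRED if not doc.get(key)]
    return problems


if __name__ == "__main__":
    # Constructed sample values; the role name is hypothetical.
    print(check_aws("arn:aws:iam::123456789012:role/ExampleReadOnly", "constructed-id-01"))
    print(check_gcp('{"type": "authorized_user", "client_id": "constructed"}'))
```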
Ignore a Cloud Account
You can exclude a cloud account from the scan. You can ignore a cloud account in any of the following states: Discovered, Assessed, Failed, or Ignored. Tenable Cloud Security dissociates an ignored cloud account from the project and no longer includes the account in any future scans. All findings related to the cloud account are removed from Tenable Cloud Security.
Note: Ignoring a cloud account does not remove the account from Tenable.cs; it is only excluded from scanning.
To ignore a cloud account:
- Click Projects and Connections.
  The Projects tab appears.
- Click Cloud Accounts.
  The Cloud Accounts page lists all onboarded cloud accounts.
- Click > Ignore in the row for the cloud account you want to ignore.
  A confirmation dialog appears to confirm whether you want to ignore the account.
- Click Yes to confirm.
  The cloud account status changes to Ignored.
Note: You can configure an ignored account. However, the status of an ignored account changes only after scanning. For more information, see Cloud Account Statuses.
Delete a Cloud Account
Tenable Cloud Security allows you to delete cloud accounts. You can delete a cloud account in any of the following states: Discovered, Assessed, Failed, or Ignored. You can onboard the account again as a new connection.
To delete a cloud account:
- Click Projects and Connections.
  The Projects tab appears.
- Click Cloud Accounts.
  The Cloud Accounts page lists all onboarded cloud accounts.
- Click > Delete in the row for the member account you want to delete.
  The Delete Account window appears asking you to confirm the account deletion.
- Click Yes to confirm.
  Tenable Cloud Security removes the account and all findings related to that account.
Note: To view deleted cloud accounts, filter cloud accounts by Status as Deleted. You can configure and onboard a deleted account again. For more information, see Edit the Configuration of a Cloud Account.