Provider Configuration
To configure the connector, you can use the Command Line Interface. The configuration command is:
poetry run censys-cc config
The censys-cc config command will guide you through the configuration of supported cloud providers. This command will assist you in generating your providers.yml file. This file can contain multiple provider configurations.
Note
Before configuring the connector, make sure you are logged in to your cloud provider’s CLI tool. See our Provider Specific Setup for more information.
Provider Specific Setup
Verify Configuration (Optional)
At this point, you should be able to run the cloud connector. If you would like to run the connector once before moving on to deployment, you can run the following command:
Caution
This is a real-time scan of your cloud environment and may take a long time if you have a large cloud environment. You may adjust the environment variable DRY_RUN to true to opt out of submitting scan results to Censys.
poetry run censys-cc scan
Sample providers.yml File
The providers.yml file contains the configuration for all cloud providers. The file is a YAML file and is structured as follows:
- provider: aws
  account_number: xxxxxxxxxxxx
  access_key: xxxxxxxxxxxxxxxxxxxx
  secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  regions:
    - xxxxxxxxx
  # ignore:
  #   - AWS::ApiGateway
  #   - AWS::ECS
  #   - AWS::ElasticLoadBalancing
  #   - AWS::NetworkInterface
  #   - AWS::RDS
  #   - AWS::Route53
  #   - AWS::S3
- provider: azure
  tenant_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  client_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  client_secret: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  subscription_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  # The subscription_id field takes one or more subscription IDs.
  # subscription_id:
  #   - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  #   - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  # The ignore field takes a list of Azure resource types to ignore during scanning.
  # ignore:
  #   - Microsoft.Network/publicIPAddresses
  #   - Microsoft.ContainerInstance/containerGroups
  #   - Microsoft.Sql/servers
  #   - Microsoft.Network/dnszones
  #   - Microsoft.Storage/storageAccounts
- provider: gcp
  organization_id: xxxxxxxx-xxxx-xxxx
  service_account_json_file: service_account.json
  service_account_email: censys-cloud-connector@project-id.iam.gserviceaccount.com
  # The ignore field takes a list of GCP resource types to ignore during scanning.
  # ignore:
  #   - google.compute.Instance
  #   - google.compute.Address
  #   - google.container.Cluster
  #   - google.cloud.sql.Instance
  #   - google.cloud.dns.ManagedZone
  #   - google.cloud.storage.Bucket
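
Because the sample providers.yml stores cloud credentials in its access_key, secret_key, client_secret and service_account_json_file fields, the file is worth checking before the connector is deployed. The following is an added example, not part of the Censys Cloud Connector: the function names audit_providers and demo are hypothetical, the sample values are constructed, and the reader assumes the flat layout of the sample rather than general YAML.

```python
import os
import stat
import tempfile

# Fields in the sample providers.yml that carry credential material.
SECRET_KEYS = {"access_key", "secret_key", "client_secret"}


# Assumption: only the flat "key: value" layout of the sample is read;
# this is not a general YAML parser.
def audit_providers(path):
    """Return findings for a providers.yml without echoing secret values."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond owner, use 0600")
    provider = None
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            key, _, value = line.strip().removeprefix("- ").partition(":")
            key, value = key.strip(), value.strip()
            if key == "provider":
                provider = value
            elif key in SECRET_KEYS and value:
                findings.append(f"{provider}: {key} is stored in plaintext")
            elif key == "service_account_json_file" and value:
                findings.append(f"{provider}: key file {value} needs the same care")
    return findings


def demo():
    # Constructed sample with placeholder values, not real credentials.
    sample = ("- provider: aws\n  access_key: EXAMPLEACCESSKEY\n"
              "  secret_key: EXAMPLESECRETKEY\n  regions:\n    - us-east-1\n"
              "- provider: gcp\n  service_account_json_file: service_account.json\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "providers.yml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)          # weak: group and others can read
        loose = audit_providers(path)
        os.chmod(path, 0o600)          # corrected: owner only
        tight = audit_providers(path)
    return loose, tight


if __name__ == "__main__":
    print("\n".join(demo()[0]))
```

Commented-out fields are skipped, so only credentials that are actually active in the file are reported.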