Provider Configuration

To configure the connector, you can use the Command Line Interface. The configuration command is:

poetry run censys-cc config

The censys-cc config command guides you through the configuration of supported cloud providers and generates your providers.yml file. This file can contain multiple provider configurations.

Note

Before configuring the connector, make sure you are logged in to your cloud provider’s CLI tool. See our Provider Specific Setup for more information.

Provider Specific Setup

Verify Configuration (Optional)

At this point, you should be able to run the cloud connector. If you would like to run the connector once before moving on to deployment, you can run the following command:

Caution

This is a real-time scan of your cloud environment and may take a long time if you have a large cloud environment. To opt out of submitting scan results to Censys, set the environment variable DRY_RUN to true.

poetry run censys-cc scan

Sample providers.yml File

The providers.yml file contains the configuration for all cloud providers.

The file is a YAML file and is structured as follows:

- provider: aws
  account_number: xxxxxxxxxxxx
  access_key: xxxxxxxxxxxxxxxxxxxx
  secret_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  regions:
    - xxxxxxxxx
  # ignore:
  #   - AWS::ApiGateway
  #   - AWS::ECS
  #   - AWS::ElasticLoadBalancing
  #   - AWS::NetworkInterface
  #   - AWS::RDS
  #   - AWS::Route53
  #   - AWS::S3
- provider: azure
  tenant_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  client_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  client_secret: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  subscription_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  # The subscription_id field takes one or more subscription IDs.
  # subscription_id:
  #   - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  #   - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  # The ignore field takes a list of Azure resource types to ignore during scanning.
  # ignore:
  #   - Microsoft.Network/publicIPAddresses
  #   - Microsoft.ContainerInstance/containerGroups
  #   - Microsoft.Sql/servers
  #   - Microsoft.Network/dnszones
  #   - Microsoft.Storage/storageAccounts
- provider: gcp
  organization_id: xxxxxxxx-xxxx-xxxx
  service_account_json_file: service_account.json
  service_account_email: censys-cloud-connector@project-id.iam.gserviceaccount.com
  # The ignore field takes a list of GCP resource types to ignore during scanning.
  # ignore:
  #   - google.compute.Instance
  #   - google.compute.Address
  #   - google.container.Cluster
  #   - google.cloud.sql.Instance
  #   - google.cloud.dns.ManagedZone
  #   - google.cloud.storage.Bucket
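
The sample above keeps access keys and client secrets in plain text, so the file's permissions are worth checking before deployment. The following is an added example, not part of the Censys Cloud Connector: a line-oriented audit that assumes the flat layout shown above and treats access_key, secret_key and client_secret as the credential fields. The function names and sample values are constructed for illustration.

```python
import os
import re
import stat

# Credential fields as named in this page's sample (assumed, not the connector's schema).
SECRET_FIELDS = {"access_key", "secret_key", "client_secret"}
ENTRY = re.compile(r"^- provider:\s*(\S+)")
FIELD = re.compile(r"^\s+(\w+):\s*(\S.*)?$")

def inline_secrets(text):
    """Return (provider, field) pairs whose credential value sits in the file."""
    found, provider = [], None
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out options such as the ignore lists
        entry, field = ENTRY.match(line), FIELD.match(line)
        if entry:
            provider = entry.group(1)
        elif field and provider and field.group(1) in SECRET_FIELDS and field.group(2):
            found.append((provider, field.group(1)))
    return found

def loose_mode_bits(path):
    """Return group/other permission bits set on path (0 means owner-only)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077

def audit(path):
    """List findings for one providers.yml: file mode first, then inline secrets."""
    findings = []
    bits = loose_mode_bits(path)
    if bits:
        findings.append(f"{path}: mode grants group/other access ({bits:03o})")
    with open(path, encoding="utf-8") as fh:
        for provider, name in inline_secrets(fh.read()):
            findings.append(f"{provider}: {name} is stored inline")
    return findings

# Constructed sample in the layout shown above; every value is a placeholder.
SAMPLE = """\
- provider: aws
  access_key: PLACEHOLDER
  secret_key: PLACEHOLDER
  # secret_key: COMMENTED-OUT
- provider: azure
  client_secret: PLACEHOLDER
"""

if __name__ == "__main__":
    print(inline_secrets(SAMPLE))
```

Call audit("providers.yml") against the generated file; an empty mode finding means only the owning user can read it.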