This guide provides a high-level starting point, and can serve as an index for all of the relevant techniques you will need to start monitoring your AWS assets.
Set Up AWS Integration
The first step should be to set up an AWS Integration. This way, the AWS credentials required to detect and scan all of your AWS assets are locked away in one place, and you can refer to them going forward.
The integration creates a Scheduled Job that runs every 2 hours and automatically syncs nodes from AWS into the Discover > Detected page. Sometimes the number of assets discovered is significantly greater than the number of assets you actually want to monitor, which is why synced nodes are listed as detected instead of being monitored right away.
Choose Nodes to Monitor
You should then navigate to the Discover > Detected page to see all of the AWS nodes that have been detected via the integration. For more information on what a detected node is versus a monitored node, please visit our guide on Detected vs. Monitored.
The Detected Nodes page is designed to act like an email inbox where a lot of information comes in. The Detected view allows you to either add or delete nodes; nodes that are added become Monitored nodes. For more information on this workflow, please visit our guide on Discovery, Detected, Monitored Workflow.
Once your important AWS nodes are being scanned on a daily basis, you can set up Drift Detection and Alerting.
You can also browse through our growing Policy Library and import any best practice policies we have for AWS node types.