The Amazon Web Services (AWS) Suite of cloud computing services from Amazon that make up an on-demand computing platform. Cloud Connector provides operational visibility into the security of your AWS environment. Based on the collected log information, USM Anywhere receives the data stored in your Amazon Simple Storage Service (S3) buckets or Inventory (Amazon EC2 and RDS instances and AWS IAM users), generates the related events for that data within USM Anywhere, and provides real-time alerting to identify malicious activity Activity in a system that exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information systems..

Differences Between an AWS Cloud Connector and a Sensor

Before choosing between an AWS Cloud Connector and a USM Anywhere Sensor Sensors are deployed into an on-premises, cloud, or multi-cloud environment to collect logs and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation., you need to know how they work and the existing differences between them.

This table includes a summary of the main differences between an AWS Cloud Connector and a sensor.

Differences Between an AWS Cloud Connector and a Sensor

Item	AWS Cloud Connector	Sensor
Deploy a sensor
Create a virtual machine (VM)
Inventory data detection (users and assets)
NIDS
BlueApps
Maintenance, updates, upgrades
Upload an AWS CloudFormation template into the AWS account
Monitor multiple AWS accounts	(one connector per account)	(one sensor per account)
Receive Amazon S3 events
Log aggregation

Keep in mind these points when choosing between an AWS Cloud Connector and a USM Anywhere Sensor:

• A sensor requires a deployment Entire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment.. An AWS Cloud Connector doesn't need to deploy a sensor on a VM; instead, it requires an upload of an AWS CloudFormation template that you generate within the USM Anywhere user interface (UI). See Adding an AWS Cloud Connector for more information. This process is much easier, and unlike a sensor, it doesn't require ongoing maintenance.

• An AWS Cloud Connector receives Amazon S3 and Inventory events, but no events from network-based intrusion detection systems (NIDS) Network Intrusion Dectection System (NIDS) monitors network traffic and events for suspicious or malicious activity using the sensors that provide management and network monitoring interfaces to networks and network devices. nor BlueApps [[[Undefined variable Core.ProductBlueApps]]] extend the threat detection and security orchestration capabilities of the USM Anywhere platform to other security tools that your IT team uses, providing a consolidated approach to threat detection and response.. Deploying a sensor is the best choice if you have a specific account that needs either NIDS or BlueApps that are critical for an AWS environment that are you monitoring.

Important: If you have multiple AWS accounts, you can configure some of them with sensors and the rest with AWS Cloud Connectors. You can have a mix of deployments, but best practice is to only deploy one connector or one sensor per AWS account.

• An AWS Cloud Connector is easier to maintain. For example, a sensor often requires upgrades.

Activating an AWS Cloud Connector

To activate an AWS Cloud Connector:

1. Add a new connector.

   See Adding an AWS Cloud Connector for more information.

2. Download the AWS CloudFormation template.

   See Downloading an Existing AWS Cloud Connector Template for more information.

3. Create a stack to upload the AWS CloudFormation template.

   See Uploading AWS CloudFormation Templates for more information.

4. Go to USM Anywhere to enable the AWS Cloud Connector.

   See Cloud Connector List View for more information.