With the AWS service account integration, you can centralize the deployment of Plerion infrastructure for advanced use cases such as Cloud Workload Protection Platform (CWPP). Instead of deploying appliances into every AWS account, a single service account manages and runs the scanning infrastructure on behalf of multiple target accounts.

About AWS service accounts

A service account is a dedicated AWS account used only for deploying Plerion infrastructure and managing its capabilities. It provides:
  • Centralized management
    Deploy appliances once in the service account and use them to scan multiple AWS target accounts.
  • Agentless scanning
    Appliances run only in the service account. They are granted permissions to scan resources in linked target accounts.
  • Flexible regional coverage
    You choose which AWS regions the appliances operate in. Only assets in enabled regions are scanned, allowing you to focus on the regions relevant to your environment.
  • One-time setup
    Once created, the service account can be reused across multiple AWS integrations in the same tenant.

Key terms

  • Service account
    The dedicated AWS account where Plerion infrastructure and appliances are deployed.
  • Target account
    Any AWS account that grants permissions to the service account appliances so its assets can be scanned.
  • Appliance
    An AWS EC2 instance launched in the service account to perform scans. Appliances send results back to Plerion.
  • Plerion Control Plane
    The backend system in Plerion’s own AWS environment that orchestrates appliances, manages scans, and stores results.
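
The following is an added example, not Plerion's own code or configuration: a check a target-account owner could run over a role trust policy to confirm that only the service account is trusted. It assumes the target account grants access through an IAM role trust policy; the account IDs, role name and policy documents are constructed placeholders.

```python
# Constructed sample data: account IDs and role names are placeholders.
SERVICE_ACCOUNT = "111111111111"

GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:role/example-appliance"}}]}

BAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                           "arn:aws:iam::222222222222:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}


def principal_accounts(principal):
    """Return the account IDs (or '*') named under a statement's AWS principal."""
    if principal == "*":
        return {"*"}
    values = principal.get("AWS", [])
    values = [values] if isinstance(values, str) else values
    # An ARN carries the account ID in field 4; otherwise it is a bare ID or '*'.
    return {v.split(":")[4] if v.startswith("arn:") else v for v in values}


def audit_trust_policy(policy, service_account_id):
    """Return findings; an empty list means only the service account is trusted."""
    findings, trusted = [], False
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if isinstance(principal, dict) and set(principal) - {"AWS"}:
            findings.append(f"statement {i}: non-account principal type")
        for acct in sorted(principal_accounts(principal)):
            if acct == "*":
                findings.append(f"statement {i}: wildcard principal")
            elif acct != service_account_id:
                findings.append(f"statement {i}: trusts unexpected account {acct}")
            else:
                trusted = True
    if not trusted:
        findings.append("service account is not trusted")
    return findings


if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(policy, SERVICE_ACCOUNT))
```

The check looks only at principals; it does not evaluate Condition blocks or the permissions attached to the role.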

Next steps