Onboard your AWS cloud account in Strata Cloud Manager.
Onboard the GCP cloud account in Strata Cloud Manager. Create and download an onboarding
Terraform template. When you apply this template in your cloud environment, it generates
a service account with sufficient permissions. These permissions enable discovery within
your cloud environment, granting access to network flow logs, asset inventory details,
and other essential cloud resources.
Creating an AWS Service Account for Strata Cloud Manager Integration
1. If you're onboarding a cloud account for the first time, click Get Started under the Network tab. If you have previously onboarded a cloud account, select Network from the AI Runtime Security drop-down list at the top, then click the Cloud Account Manager (cloud) icon.
2. Select AWS as the Cloud Service Provider and select Next.
3. Enter basic information:
   - A unique Name to identify your onboarded cloud account (limit the name to 32 characters).
   - S3 bucket name (limit the name to 32 characters). To get the S3 bucket name, go to the AWS Management Console, navigate to S3, and copy your bucket name.
4. Select Next.
5. In Application Definition, select Next.
6. Input the Role Name (use only alphanumeric characters and hyphens, avoid a hyphen at the beginning or end, and limit the name to under 19 characters).
7. Download Terraform.
8. Execute Terraform. Save and unzip the downloaded Terraform zip file, `aws-onboard-terraform.zip`. Navigate to `panw-discovery-10xxxx684868-onboarding/aws` and follow the `README.md` instructions to apply the Terraform in AWS, which creates the resources and adds the role assignments:

   ```shell
   # Deploy the Terraform
   terraform init
   terraform plan
   terraform apply
   ```

9. Copy the role ARN from the Terraform apply output in the previous step and paste it in the Role ARN field. Alternatively, you can fetch the role ARN in the AWS Management Console: navigate to IAM > Access Management > Roles, select the role name you entered in step 6, and copy the ARN from the summary page.
10. Select Done.
11. Sign in to the Amazon EKS Console.
12. Navigate to the EKS Console and click your EKS cluster.
13. In the IAM access entries section of the Access tab, click the Create access entry button.
14. Find the IAM role that was created when you executed the onboarding Terraform.
15. Click Skip to Review and create, and finish the creation process.
The Strata Cloud Manager dashboard under Insights → AI Runtime Security shows all the cloud assets discovered. This validates the successful creation of a service account in AWS. Initial data should populate in Strata Cloud Manager in about 30 minutes, and the flow logs may take about an hour to show up on the Strata Cloud Manager dashboard.
Next, protect the network traffic flow by deploying an AI Runtime Security instance in AWS, and add an EKS cluster viewer role as described in the section below.
Add an EKS Cluster Viewer Role

Assign an EKS Cluster Viewer role to the role created in AWS by the onboarding Terraform. Add this role to all the clusters.
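The following script is an added example and is not part of the Palo Alto Networks documentation or of the onboarding Terraform template. It covers two points above: it checks the Role Name, account Name and S3 bucket name against the limits stated in the onboarding form before you download the Terraform, and it performs the EKS console steps (fetch the onboarding role's ARN, create an access entry for it on every cluster, attach the read-only EKS view policy) with the AWS CLI, so the viewer role can be added to all clusters in one pass. It assumes a configured AWS CLI, clusters whose authentication mode accepts access entries, and that `DRY_RUN=1` should print the commands instead of running them; the role, account and cluster names in the usage are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Palo Alto Networks' code): pre-flight checks for the
# onboarding form inputs and a CLI equivalent of the EKS access-entry steps.
# Assumes: AWS CLI configured for the target account/region; DRY_RUN=1 prints
# each command instead of executing it.
set -eu

# Role Name rule from the onboarding form: alphanumeric characters and hyphens
# only, no hyphen at the beginning or end, fewer than 19 characters.
valid_role_name() {
  local name="$1"
  [ -n "$name" ] && [ "${#name}" -lt 19 ] || return 1
  case "$name" in -*|*-) return 1 ;; esac          # leading/trailing hyphen
  case "$name" in *[!A-Za-z0-9-]*) return 1 ;; esac # any other character
  return 0
}

# Account Name and S3 bucket name are limited to 32 characters.
valid_name32() { [ -n "$1" ] && [ "${#1}" -le 32 ]; }

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ARN of the role created by the onboarding Terraform; this is the same value
# shown on the role's summary page under IAM > Roles (step 9 above).
role_arn() {
  run aws iam get-role --role-name "$1" --query Role.Arn --output text
}

# CLI equivalent of "Create access entry" for the onboarding role on one
# cluster, then attach the EKS view (read-only) policy, cluster-wide scope.
add_cluster_viewer() {
  local cluster="$1" arn="$2"
  run aws eks create-access-entry --cluster-name "$cluster" --principal-arn "$arn"
  run aws eks associate-access-policy --cluster-name "$cluster" --principal-arn "$arn" \
    --policy-arn arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy \
    --access-scope type=cluster
}

# Repeat for every cluster name passed after the ARN.
add_viewer_to_clusters() {
  local arn="$1" cluster
  shift
  for cluster in "$@"; do
    add_cluster_viewer "$cluster" "$arn"
  done
}

# main <role-name> [cluster ...]; with no clusters given, all clusters in the
# configured region are used (requires live credentials, even under DRY_RUN).
main() {
  local role arn
  role="${1:?usage: main <role-name> [cluster ...]}"
  shift
  valid_role_name "$role" || { echo "invalid role name: $role" >&2; return 1; }
  arn="$(role_arn "$role")"
  if [ "$#" -eq 0 ]; then
    # shellcheck disable=SC2046  (word splitting of the cluster list is intended)
    set -- $(aws eks list-clusters --query 'clusters[]' --output text)
  fi
  add_viewer_to_clusters "$arn" "$@"
}
```

Source the file and call `main panw-discovery prod-eks staging-eks` (constructed names) after the Terraform apply; set `DRY_RUN=1` first to review the exact `aws` commands before any access entry is created. Validating the role name up front matters because the Terraform template and the IAM role it creates are generated from that name, and a rejected name means repeating the download and apply steps.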