Onboard AWS Cloud Account in Strata Cloud Manager
Onboard your AWS cloud account in Strata Cloud Manager by creating and downloading an onboarding Terraform template. When you apply this template in your cloud environment, it creates a service account (an IAM role) with the permissions discovery needs: read access to network flow logs, asset inventory details, and other essential cloud resources.
Creating an AWS Service Account for Strata Cloud Manager Integration

  1. Select Insights → AI Runtime Security.
    1. If you are onboarding a cloud account for the first time, click Get Started under the Network tab.
    2. If you have previously onboarded a cloud account, select Network from the AI Runtime Security drop-down list at the top, then click the Cloud Account Manager (cloud) icon.
  2. Select Cloud Service Provider as AWS and select Next.
  3. Enter basic information:
    • A unique Name to identify your onboarded cloud account (limit the name to 32 characters).
    • S3 bucket name (limit the name to 32 characters).
      To get the S3 bucket name, go to the AWS Management Console, navigate to S3, and copy your bucket name.
    • Select Next.
  4. In Application Definition, select Next.
  5. Input the Role Name (use only alphanumeric characters and hyphens, do not start or end the name with a hyphen, and keep the name under 19 characters).
  6. Download Terraform.
  7. Execute Terraform. Save and unzip the downloaded Terraform zip file, `aws-onboard-terraform.zip`. Navigate to `panw-discovery-10xxxx684868-onboarding/aws` and follow the `README.md` instructions to apply the Terraform in AWS, which creates the resources and adds the role assignments.

    ```
    # Deploy the Terraform
    terraform init
    terraform plan
    terraform apply
    ```

    Output:

    ```
    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

    Outputs:

    cross_account_role_arn = "arn:aws:iam::10xxxx684868:role/airs-prod-role-2"
    ```
  8. Copy the role ARN from the Terraform apply output in the previous step and paste it in the Role ARN field.
    Alternatively, you can fetch the role ARN in the AWS Management Console. Navigate to IAM > Access Management > Roles, select the role name you entered in step 5, and copy the ARN from the summary page.
  9. Select Done.
  10. Add the following policy to enable Strata Cloud Manager to discover your Kubernetes cluster assets:
    1. Sign in to the Amazon EKS Console.
    2. Navigate to the EKS Console and click on your EKS cluster.
    3. In the IAM access entries section of the Access tab, click the Create access entry button.
    4. For the IAM principal ARN, select the role that was created when you executed the onboarding Terraform.
    5. Add AmazonEKSAdminViewPolicy under Policy name.
    6. Click Create and finish the creation process.
  11. You can now view and manage the onboarded cloud accounts in Strata Cloud Manager.
  12. The Strata Cloud Manager dashboard under Insights → AI Runtime Security shows all the cloud assets discovered.
    This validates the successful creation of a service account in AWS.
    Initial data should populate on Strata Cloud Manager in about 30 minutes and the flow logs may have a delay of about an hour to show up on the Strata Cloud Manager dashboard.
    Next, protect the network traffic flow by deploying an AI Runtime Security: Network intercept in AWS.

Add a Policy to Access Application ENIs

If you have already onboarded the AWS cloud account in Strata Cloud Manager, add the following policy to allow the onboarding role to read your application ENIs (elastic network interfaces).
  1. Sign in to the AWS Management Console.
  2. Go to IAM > Roles.
  3. Locate and click on the role created by your onboarding Terraform.
  4. Select EC2 as the service.
  5. Search for and select the DescribeNetworkInterfaces action (ec2:DescribeNetworkInterfaces) and set its effect to Allow.
  6. Select Next.
  7. Create policy.
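The ENI permission above and the EKS access entry from step 10 can also be managed as code next to the onboarding Terraform. The following is an added example, not part of the Palo Alto Networks onboarding template; it assumes the onboarding Terraform has already been applied and takes the role name (the Role Name from step 5) and the EKS cluster name as input variables.

```hcl
# Added example: not part of the Palo Alto Networks onboarding template.
# Assumes the onboarding Terraform has been applied; both values are inputs.
variable "onboarding_role_name" {
  description = "Role Name entered in step 5 of the onboarding steps"
  type        = string
}
variable "eks_cluster_name" {
  description = "EKS cluster whose assets Strata Cloud Manager should discover"
  type        = string
}

# Look up the onboarding role so its ARN can serve as the EKS access entry principal.
data "aws_iam_role" "onboarding" {
  name = var.onboarding_role_name
}

# Read-only ENI visibility for the "Add a Policy to Access Application ENIs" section.
# EC2 Describe* actions do not support resource-level scoping, so "*" is required.
data "aws_iam_policy_document" "describe_enis" {
  statement {
    sid       = "AllowDescribeNetworkInterfaces"
    effect    = "Allow"
    actions   = ["ec2:DescribeNetworkInterfaces"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "describe_enis" {
  name   = "${var.onboarding_role_name}-describe-enis"
  policy = data.aws_iam_policy_document.describe_enis.json
}

resource "aws_iam_role_policy_attachment" "describe_enis" {
  role       = data.aws_iam_role.onboarding.name
  policy_arn = aws_iam_policy.describe_enis.arn
}

# EKS access entry for Kubernetes asset discovery (step 10), bound to the
# view-only AmazonEKSAdminViewPolicy rather than a cluster-admin policy.
resource "aws_eks_access_entry" "onboarding" {
  cluster_name  = var.eks_cluster_name
  principal_arn = data.aws_iam_role.onboarding.arn
}

resource "aws_eks_access_policy_association" "admin_view" {
  cluster_name  = var.eks_cluster_name
  principal_arn = aws_eks_access_entry.onboarding.principal_arn
  policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSAdminViewPolicy"
  access_scope {
    type = "cluster"
  }
}
```

Access entries require the cluster's authentication mode to be API or API_AND_CONFIG_MAP; keeping the association on the view-only policy and the IAM statement on a single Describe action limits what the discovery role gains beyond the template's original permissions.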