Prisma™ Cloud Administrator's Guide
    : Update an Onboarded AWS Account
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Connect Your Cloud Platform to Prisma Cloud
    6. Onboard Amazon Web Services
    7. Update an Onboarded AWS Account
    Download PDF

    Prisma™ Cloud Administrator's Guide

    Update an Onboarded AWS Account

    Table of Contents

    Update an Onboarded AWS Account

    After you add your cloud account to Prisma Cloud, you may need to update the Prisma Cloud stack to provide additional permissions for new policies that are frequently added to help you monitor your cloud account and ensure that have a good security posture. When you update the CFT stack, Prisma Cloud can ingest data on new services that are supported. These CFTs are available directly from the Prisma Cloud administrative console.
    In addition to updating the CFT stack for enabling permissions for new services, you can use this workflow to update the account groups that are secured with Prisma Cloud or to enable or disable the security capabilities and permissions. If you enable a security capability that you had not enabled during the initial onboarding, make sure you
    Download IAM Role CFT
     again and complete the required steps in order for the updated permissions to be granted to Prisma Cloud.
    For instruction on updating your AWS Organization, see Update an Onboarded AWS Organization.
    1. Log in to the Prisma Cloud administrative console.
    2. Select the AWS cloud account you want to modify.
      Select
      Settings
      Cloud Accounts
       and click the
      Edit
       icon for the cloud account to manage from the list of cloud accounts.
    3. On
      Edit Cloud Account
      , navigate to
      Configure Account
      , and
      Download IAM Role CFT
      .
    4. (To change permissions for the Prisma Cloud role)
       Update the Prisma Cloud App using the CFT you downloaded in the above step. You can update the stack either using the AWS console or the AWS CLI.
      1. Log in to AWS console.
      2. Select
        Services
        CloudFormation
        Stacks
        .
      3. Select the
        PrismaCloudApp
         stack to update and select
        Update
        .
        Select
        Replace current template
         and
        Upload a template file
         you downloaded earlier.
        If you decide to create a new stack instead of updating the existing stack, you must copy the PrismaCloudRoleARN value from the CFT outputs tab.
      4. Configure stack options.
      5. Click
        Next
         and verify the settings.
      6. Preview your changes
         to the CloudFormation template for the role you updated.
      7. Update
         your CFT.
        If you created a new stack, you must log in to the Prisma Cloud administrative console, select your cloud account on
        Settings
        Cloud Accounts
        , click the
        Edit
         icon, navigate to
        Configure Account
        , and enter the
        PrismaCloudRoleARN
         value from the AWS CFT output in the
        IAM Role ARN
         field.
        If you want to use AWS Command Line Interface to deploy the updated Prisma Cloud App stack. Using the AWS CLI tool, enter the following command to deploy the CFT that you downloaded.
      8. Check the status to verify that Prisma Cloud can successfully retrieve information on your cloud resources.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.