Set Up Your Alibaba Account

Configure your Alibaba account to enable Prisma Cloud to retrieve and analyze configuration logs for monitoring your cloud resources.
Prisma Cloud is available for visibility and monitoring of your Alibaba Cloud infrastructure in Mainland China and International regions. The first step to start monitoring your resources on Alibaba Cloud is to grant Prisma Cloud access to your account. To do this, you must create a role and attach policies that enable permissions to authorize access to the assets deployed within the account. You can choose to create a custom policy with granular permissions or use the Alibaba Cloud system policy to enable
. After you create the role and enable permissions, you can add the Alibaba Cloud Resource Name (ARN) on Prisma Cloud so that it can assume the role to monitor your Alibaba Cloud account.
  1. (Required if you want to enable granular access permissions) Create a custom policy.
    Creating a custom policy allows you to use the principle of least privilege and enable the bare-minimum permissions that Prisma Cloud currently requires to monitor your account. If you do not want to update these permissions periodically, you can skip ahead to Step 2 and use the Alibaba Cloud system policy to enable
    permissions to all aliyun services.
    1. The JSON file includes the required permissions.
    2. Log in to the Alibaba Cloud console for China region.
    3. Select
      Resource Access Management
      Create Policy
    4. Enter a new
      Policy Name
      and select
    5. Paste the contents into the
      Policy Document
      and click
  2. Create a RAM role.
    You must create a RAM role and attach policies to authorize API access to Prisma Cloud. You can attach the custom policy with granular permissions or use the Alibaba Cloud system policy to enable
    1. On the Alibaba Cloud console, select
      Products and Services
      Resource Access Management
    2. Select
      Create Role
    3. Select Trusted entity type as Alibaba Cloud Account
    4. Enter a RAM Role Name
    5. Enter the Prisma Cloud Account ID as a trusted Alibaba Cloud account.
      If your Prisma Cloud instance is on https:/, the Prisma Cloud Account ID is
      . Otherwise, the Prisma Cloud Account ID is
      Enter the appropriate account ID in
      Select Trusted Alibaba Cloud Account
      Other Alibaba Cloud Account
      and click
    6. Select
      Add Permissions to RAM Role
      Set the Authorized Scope to a specific resource group or the parent cloud account, and either attach the permissions associated with the custom policy (if you created one), or use the system policy.
      • Custom Policy
      • System Policy
    7. Click
  3. Copy the Alibaba Cloud Resource Name (ARN).
    You need the ARN to add the Alibaba Cloud account on Prisma Cloud.
    1. Select
      and search for the name you entered earlier.
    2. Note the ARN.
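
A check you can run on the role before adding its ARN to Prisma Cloud, as an added example that is not Prisma Cloud or Alibaba Cloud code: it audits the trust policy from Step 2 so that only the intended account can assume the role, and flags wildcard actions in a custom policy from Step 1. The account IDs and policy documents are constructed placeholders; substitute the Prisma Cloud Account ID for your instance and your own policy JSON.

```python
TRUSTED_ACCOUNT_ID = "1111111111111111"  # constructed placeholder, not a real Prisma Cloud ID

def _as_list(value):
    """RAM policy fields may hold one string or a list of strings."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def audit_trust_policy(doc, trusted_account_id):
    """Findings for a role trust policy; empty means only the expected account may assume it."""
    expected = f"acs:ram::{trusted_account_id}:root"
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: malformed principal {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "RAM" or value != expected:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
        for action in _as_list(stmt.get("Action")):
            if action != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {action}")
    return findings

def audit_permission_policy(doc):
    """Findings for a permission policy: Allow statements with wildcard actions."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
    return findings

# Constructed sample documents (not the JSON file referenced in Step 1).
GOOD_TRUST = {"Version": "1", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"RAM": [f"acs:ram::{TRUSTED_ACCOUNT_ID}:root"]}}]}
BAD_TRUST = {"Version": "1", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"RAM": [f"acs:ram::{TRUSTED_ACCOUNT_ID}:root", "acs:ram::2222222222222222:root"],
                  "Service": ["ecs.aliyuncs.com"]}}]}
CUSTOM_POLICY = {"Version": "1", "Statement": [{"Effect": "Allow",
    "Action": ["ecs:DescribeInstances", "oss:*"], "Resource": "*"}]}

if __name__ == "__main__":
    print(audit_trust_policy(BAD_TRUST, TRUSTED_ACCOUNT_ID))
    print(audit_permission_policy(CUSTOM_POLICY))
```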
