Set Up Your Alibaba Account

Configure your Alibaba account to enable Prisma Cloud to retrieve and analyze configuration logs for monitoring your cloud resources.
Prisma Cloud is available for visibility and monitoring of your Alibaba Cloud infrastructure in Mainland China and International regions. The first step to start monitoring your resources on Alibaba Cloud is to grant Prisma Cloud access to your account. To do this, you must create a role and attach policies that enable permissions to authorize access to the assets deployed within the account. You can choose to create a custom policy with granular permissions or use the Alibaba Cloud system policy to enable ReadOnlyAccess. After you create the role and enable permissions, you can add the Alibaba Cloud Resource Name (ARN) on Prisma Cloud so that it can assume the role to monitor your Alibaba Cloud account.
  1. (Required if you want to enable granular access permissions) Create a custom policy.
    Creating a custom policy allows you to use the principle of least privilege and enable the bare-minimum permissions that Prisma Cloud currently requires to monitor your account. If you do not want to update these permissions periodically, you can skip ahead to Step 2 and use the Alibaba Cloud system policy to enable ReadOnlyAccess permissions to all aliyun services.
    1. The JSON file includes the required permissions.
    2. Log in to the Alibaba Cloud console for China region.
    3. Select Resource Access Management > Permissions > Policies > Create Policy.
    4. Enter a new Policy Name and select Script.
    5. Paste the contents into the Policy Document and click OK.
  2. Create a RAM role.
    You must create a RAM role and attach policies to authorize API access to Prisma Cloud. You can attach the custom policy with granular permissions or use the Alibaba Cloud system policy to enable ReadOnlyAccess.
    1. On the Alibaba Cloud console, select Product > Resource Access Management.
    2. Select RAM Roles > Create RAM Role.
    3. Select Alibaba Cloud Account as the Trusted entity type and click Next.
    4. Enter a RAM Role Name.
    5. Enter the Prisma Cloud Account ID as a trusted Alibaba Cloud account.
      If your Prisma Cloud instance is on https://app.prismacloud.cn, the Prisma Cloud Account ID is 1306560418200997. Otherwise, the Prisma Cloud Account ID is 5770382605230796.
      Enter the appropriate account ID in Select Trusted Alibaba Cloud Account > Other Alibaba Cloud Account and click OK.
    6. Select Add Permissions to RAM Role.
      Either attach the permissions associated with the custom policy (if you created one), or use the system policy.
      • Custom Policy
      • System Policy
    7. Click Finished.
  3. Copy the Alibaba Cloud Resource Name (ARN).
    You need the ARN to add the Alibaba Cloud account on Prisma Cloud.
    1. Select RAM Roles and search for the name you entered earlier.
    2. Note the ARN.
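
After you finish step 2, you can check the role's trust policy to confirm that only the intended Prisma Cloud account can assume it. The script below is an added example, not part of the Prisma Cloud documentation or tooling; it assumes you have copied the trust policy JSON from the RAM console and that it uses Alibaba Cloud's standard trust policy layout (`Statement`, `Principal.RAM`, `acs:ram::<account-id>:root`), which this page does not show.

```python
import json
import re
from urllib.parse import urlparse

# Prisma Cloud account IDs exactly as listed in step 2.5 above.
PRISMA_ID_CN = "1306560418200997"     # instance on https://app.prismacloud.cn
PRISMA_ID_OTHER = "5770382605230796"  # every other instance
PRINCIPAL_RE = re.compile(r"^acs:ram::(\d+):root$")  # assumed principal format


def expected_account_id(prisma_url):
    host = urlparse(prisma_url).hostname
    return PRISMA_ID_CN if host == "app.prismacloud.cn" else PRISMA_ID_OTHER


def as_list(value):
    items = [] if value is None else value
    return items if isinstance(items, list) else [items]


def audit_trust_policy(policy_json, prisma_url):
    """Return findings; an empty list means only the expected account is trusted."""
    expected = expected_account_id(prisma_url)
    findings, trusted = [], set()
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append(f"unexpected action: {stmt.get('Action')}")
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"malformed or wildcard principal: {principal!r}")
            continue
        findings += [f"principal type {k} is not an account" for k in principal if k != "RAM"]
        for entry in as_list(principal.get("RAM")):
            match = PRINCIPAL_RE.match(str(entry))
            if match and match.group(1) == expected:
                trusted.add(expected)
            else:
                findings.append(f"unexpected trusted principal: {entry}")
    if expected not in trusted:
        findings.append(f"expected account {expected} is not trusted")
    return findings


# Constructed sample: the trust policy a correctly created role would carry.
SAMPLE_OK = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"RAM": ["acs:ram::5770382605230796:root"]}}]})
```

Call `audit_trust_policy(policy_text, your_prisma_cloud_url)` and treat any returned finding as a reason to revisit step 2.5 before adding the ARN on Prisma Cloud.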
