Set Up Your Alibaba Account
Configure your Alibaba account to enable Prisma Cloud to retrieve and analyze configuration logs for monitoring your cloud resources.
Prisma Cloud is available for visibility and monitoring of your Alibaba Cloud infrastructure in Mainland China and International regions. The first step to start monitoring your resources on Alibaba Cloud is to grant Prisma Cloud access to your account. To do this, you must create a role and attach policies that enable permissions to authorize access to the assets deployed within the account. You can choose to create a custom policy with granular permissions or use the Alibaba Cloud system policy to enable ReadOnlyAccess. After you create the role and enable permissions, you can add the Alibaba Cloud Resource Name (ARN) on Prisma Cloud so that it can assume the role to monitor your Alibaba Cloud account.
- (Required if you want to enable granular access permissions) Create a custom policy. Creating a custom policy allows you to use the principle of least privilege and enable the bare-minimum permissions that Prisma Cloud currently requires to monitor your account. If you do not want to update these permissions periodically, you can skip ahead to Step 2 (Create a RAM role) and use the Alibaba Cloud system policy to enable ReadOnlyAccess permissions to all aliyun services.
  - Download the permissions for Alibaba China. The JSON file includes the required permissions.
  - Log in to the Alibaba Cloud console for China region.
  - Select Resource Access Management > Permissions > Policies > Create Policy.
  - Enter a new Policy Name and select Script.
  - Paste the contents into the Policy Document and click OK.
- Create a RAM role. You must create a RAM role and attach policies to authorize API access to Prisma Cloud. You can attach the custom policy with granular permissions or use the Alibaba Cloud system policy to enable ReadOnlyAccess.
  - On the Alibaba Cloud console, select Product > Resource Access Management.
  - Select RAM Roles > Create RAM Role.
  - Select Trusted entity type as Alibaba Cloud Account and Next.
  - Enter a RAM Role Name.
  - Enter the Prisma Cloud Account ID as a trusted Alibaba Cloud account. If your Prisma Cloud instance is on https://app.prismacloud.cn, the Prisma Cloud Account ID is 1306560418200997. Otherwise, the Prisma Cloud Account ID is 5770382605230796. Enter the appropriate account ID in Select Trusted Alibaba Cloud Account > Other Alibaba Cloud Account and click OK.
  - Select Add Permissions to RAM Role. Either attach the permissions associated with the custom policy (if you created one), or use the system policy.
    - Custom Policy
    - System Policy
- Copy the Alibaba Cloud Resource Name (ARN). You need the ARN to add the Alibaba Cloud account on Prisma Cloud.
  - Select RAM Roles and search for the name you entered earlier.
  - Note the ARN.
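An added example, not part of the Prisma Cloud documentation: a Python check that a RAM role's trust policy trusts only the Prisma Cloud account ID this page gives for your tenant. It assumes the RAM trust policy layout (Principal.RAM entries of the form acs:ram::<account-id>:root); the sample policies, the host app.example.invalid and the account 1111111111111111 are constructed for illustration.

```python
import json

# Prisma Cloud account IDs as stated on this page, keyed by where the tenant is hosted.
CN_HOST = "app.prismacloud.cn"
PRISMA_ACCOUNT_IDS = {CN_HOST: "1306560418200997", "default": "5770382605230796"}


def expected_principal(prisma_host):
    account_id = PRISMA_ACCOUNT_IDS.get(prisma_host, PRISMA_ACCOUNT_IDS["default"])
    return f"acs:ram::{account_id}:root"


def as_list(value):
    # Policy fields may hold a single string or a list of strings.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, prisma_host):
    """Return findings; an empty list means only the expected account can assume the role."""
    findings, trusted = [], set()
    want = expected_principal(prisma_host)
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"unsupported Principal: {principal!r}")
            continue
        for kind in sorted(set(principal) - {"RAM"}):
            findings.append(f"unexpected principal type: {kind}")
        trusted.update(as_list(principal.get("RAM")))
    for arn in sorted(trusted - {want}):
        findings.append(f"unexpected trusted account: {arn}")
    if want not in trusted:
        findings.append(f"Prisma Cloud account not trusted: {want}")
    return findings


# Constructed sample: a role that trusts only the non-.cn Prisma Cloud account ID.
GOOD = '{"Version":"1","Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"RAM":["acs:ram::5770382605230796:root"]}}]}'
# Constructed sample: the .cn account ID plus an unrelated account on the same role.
BAD = '{"Version":"1","Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"RAM":["acs:ram::1306560418200997:root","acs:ram::1111111111111111:root"]}}]}'

if __name__ == "__main__":
    print(audit_trust_policy(GOOD, "app.example.invalid"))  # placeholder non-.cn host
    print(audit_trust_policy(BAD, "app.example.invalid"))
```

Run it against the trust policy shown on the role's Trust Policy tab before you add the ARN on Prisma Cloud.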