Disable Prisma Cloud Data Security and Offboard AWS account

  • Disable Prisma Cloud Data Security
    • On Settings > Cloud Accounts, and edit the AWS account. Select the AWS account on which you want to disable Prisma Cloud Data Security and clear the
      Data Security
      option. Prisma Cloud stops ingestion for monitoring data stored in S3 buckets for the account. Data Security information from the earlier scans are not deleted on Prisma Cloud, and you have access to the alerts for the period when Data Security was enabled (using Time Query).
      If you do not plan to re-enable Prisma Cloud Data Security for this AWS account, you can also delete the SNS topic to avoid the additional cost of that SNS topic sending messages to Prisma Cloud Data Security. You can also stop sending S3 events to the CloudTrail bucket, if you had set it up only for Prisma Cloud.
    • You can easily enable Prisma Cloud Data Security again on Settings > Cloud Accounts. Select an AWS account and check the
      Data Security
      checkbox. Prisma Cloud will start ingestion again and you will resume being charged for usage. All the data (before you disabled) and new data (after you re-enable Data Security) will be available for you.
  • Offboard and onboard an AWS account within 24 hours
    • If you had onboarded an AWS account and enabled Prisma Cloud Data Security enabled, all the scanned data results including alerts can no longer using the administrative console or API. Prisma Cloud Data Security stops further ingestion to monitor the data stored within the account.
    • If you add the same AWS account within 24 hours and enable Prisma Cloud Data Security, all the previously scanned data will be available from the administrative console and the API again. You can view all previously generated alerts as reported before you offboarded the account, for example open alerts will remain open, resolved will remain resolved. Prisma Cloud Data Security resumes ingestion for this account.
    • Offboard and onboard an AWS account after 24 hours
      • Customer offboards a previously onboarded AWS account that has Prisma Cloud Data Security enabled with scanned data results. All the scanned data results, including Alerts will stop being available in the UI or via API. Prisma Cloud Data Security stops doing any more ingestion for Prisma Cloud Data Security for this account.
      • After the account has been offboarded for more than 24 hours, Prisma Cloud Data Security will delete all the previously scanned data related to Prisma Cloud Data Security in the customer tenant.
      • Because Prisma Cloud Data Security has stopped ingestion of new S3 data, Prisma Cloud Data Security will also stop incurring additional charges for Prisma Cloud Data Security.
      • Customer onboards the same AWS account after 24 hours and enable Prisma Cloud Data Security. Prisma Cloud Data Security will start ingestion again for the account from scratch and start charging for usage. Only the new data (after you re-enable Prisma Cloud Data Security) will be there. All previously scanned data will be gone, except for alerts that were generated.
        The original alerts would not have been resolved and new alerts will be created on the same objects, creating duplicate alerts on the same objects.
    • Offboard an AWS account that was previously enabled for Prisma Cloud Data Security
      After the AWS account has been offboarded for more than 24 hours, all the previously scanned data and alerts will be deleted.
      If you do not plan to enable Prisma Cloud Data Security for this AWS account in the future, you can also delete the SNS topic to avoid the additional cost of that SNS topic sending messages to Prisma Cloud Data Security. You can also stop sending S3 events to the CloudTrail bucket, if you had set it up only for Prisma Cloud.

Recommended For You