Add the Amazon S3 App to Prisma SaaS

When scan setup is complete, you can add the Amazon S3 app to Prisma SaaS and begin scanning your new Amazon S3 app for policy violations.
  1. Add the Amazon S3 app to Prisma SaaS.
    1. From the Prisma SaaS Dashboard, Add a Cloud App.
    2. Select Amazon S3.
  2. Configure your Amazon S3 settings. There are two ways to set up the Amazon S3 app on Prisma SaaS, depending on whether you are connecting a single AWS account or multiple AWS accounts.
  3. Connect a single AWS account.
    1. Click Connect to Account.
    2. Enter the Access Key ID and Secret Access Key that you noted earlier when you completed Begin Scanning an Amazon S3 App for your app scan.
    3. Enter the CloudTrail Bucket Name (S3 bucket name).
      Because S3 allows your bucket to be used as a URL that can be accessed publicly, the bucket name that you choose must be globally unique. If another account has already created a bucket with the name that you chose, you must use a different name.
    4. Enter the AWS Account ID.
      To find your AWS account ID number on the AWS Management Console, select Support on the navigation bar at the upper right, and then select Support Center. Your signed-in account ID is displayed in the upper-right corner below the Support menu.
    5. Select the Region.
    6. Click OK. Prisma SaaS adds the Amazon S3 app to the list of Cloud Apps.
  4. Connect multiple AWS accounts.
    AWS allows you to combine CloudTrail log files from multiple AWS regions and separate accounts into a single S3 bucket. Aggregating your log files in a single bucket simplifies storage and management of your trails.
    1. Enter the Primary Account Access Key ID and Primary Account Secret Access Key that you noted earlier when you completed Begin Scanning an Amazon S3 App for your app scan.
    2. Enter the Primary AWS Account ID.
      To find your AWS account ID number on the AWS Management Console, select Support on the navigation bar at the upper right, and then select Support Center. Your signed-in account ID is displayed in the upper-right corner below the Support menu.
    3. Enter the Shared IAM Role.
      The shared IAM role delegates access to resources in the other AWS accounts that you own (for example, Production and Development). By configuring cross-account access with a role, you don't need to create individual IAM users in each account, and users don't have to sign out of one account and sign in to another to access resources in different AWS accounts.
    4. Enter the Primary CloudTrail Bucket Name (S3 bucket name).
      Because S3 allows your bucket to be used as a URL that can be accessed publicly, the bucket name that you choose must be globally unique. If another account has already created a bucket with the name that you chose, you must use a different name.
    5. Select the Primary CloudTrail Bucket Region.
    6. In Secondary Account Configuration, select a CloudTrail configuration:
      • Centralized CloudTrail: logging for all AWS accounts goes to a single CloudTrail bucket in the primary account. Enter one Amazon account per line, with no delimiters.
      • Distributed CloudTrail: logging for each AWS account goes to a separate CloudTrail bucket in that account's location. Enter one Amazon Account: Bucket Name: Region entry per line, using a colon ( : ) as the delimiter.
      If you are configuring both centralized and distributed CloudTrails, use Distributed CloudTrail.
    7. Click OK to add the Amazon S3 app to the list of Cloud Apps on Prisma SaaS.
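The Secondary Account Configuration field is free text, so an entry that is mistyped (an account ID that is not 12 digits, a bucket name with uppercase letters or underscores, a line with a missing or extra field) is only caught when the form is submitted. The following example, added here and not Prisma SaaS or AWS code, parses both the centralized format (one account per line) and the distributed format (Account: Bucket Name: Region per line) and applies the same syntactic checks to the account ID and bucket name fields used in the single-account steps. The bucket-name and region patterns are assumptions that approximate the AWS naming rules; global uniqueness of a bucket name can only be confirmed by AWS. The account IDs and bucket names in the sample input are constructed placeholders.

```python
"""Validate text for the Prisma SaaS 'Secondary Account Configuration' field.

Added example, not Prisma SaaS code. Two formats are accepted:
  centralized  - one AWS account per line, no delimiters
  distributed  - "Account: Bucket Name: Region" per line, colon-delimited
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# AWS account IDs are 12 decimal digits.
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# Assumption: approximation of the AWS general-purpose bucket naming rules
# (3-63 chars; lowercase letters, digits, dots, hyphens; alphanumeric at both ends).
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
# Assumption: matches region codes such as us-east-1 or us-gov-west-1.
REGION_RE = re.compile(r"^[a-z]{2}(-gov)?-[a-z]+-\d$")


@dataclass(frozen=True)
class SecondaryAccount:
    account_id: str
    bucket: Optional[str] = None  # None in centralized mode
    region: Optional[str] = None  # None in centralized mode


def validate_account_id(value: str) -> bool:
    return bool(ACCOUNT_ID_RE.match(value))


def validate_bucket_name(name: str) -> bool:
    """Syntactic S3 bucket-name check; global uniqueness is not tested here."""
    if not BUCKET_RE.match(name) or ".." in name or name.startswith("xn--"):
        return False
    try:
        ipaddress.ip_address(name)  # a bucket name must not look like an IP address
        return False
    except ValueError:
        return True


def validate_region(region: str) -> bool:
    return bool(REGION_RE.match(region))


def parse_secondary_accounts(text: str, mode: str) -> Tuple[List[SecondaryAccount], List[str]]:
    """Parse the form text; return (valid entries, error messages keyed by line)."""
    if mode not in ("centralized", "distributed"):
        raise ValueError(f"unknown mode: {mode!r}")
    accounts: List[SecondaryAccount] = []
    errors: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are ignored
        if mode == "centralized":
            if validate_account_id(line):
                accounts.append(SecondaryAccount(line))
            else:
                errors.append(f"line {lineno}: {line!r} is not a 12-digit AWS account ID")
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) != 3:
            errors.append(f"line {lineno}: expected 'Account: Bucket Name: Region', got {len(parts)} fields")
            continue
        account_id, bucket, region = parts
        problems = []
        if not validate_account_id(account_id):
            problems.append(f"bad account ID {account_id!r}")
        if not validate_bucket_name(bucket):
            problems.append(f"bad bucket name {bucket!r}")
        if not validate_region(region):
            problems.append(f"bad region {region!r}")
        if problems:
            errors.append(f"line {lineno}: " + "; ".join(problems))
        else:
            accounts.append(SecondaryAccount(account_id, bucket, region))
    return accounts, errors


# Constructed sample input: placeholder account IDs and bucket names, not real ones.
CENTRALIZED_SAMPLE = """\
111122223333
444455556666
12345
"""
DISTRIBUTED_SAMPLE = """\
111122223333: logs-prod-cloudtrail: us-east-1
444455556666: Dev_Bucket: eu-west-1
777788889999: logs-dev: us-east-1: extra
"""

if __name__ == "__main__":
    for mode, sample in (("centralized", CENTRALIZED_SAMPLE), ("distributed", DISTRIBUTED_SAMPLE)):
        ok, bad = parse_secondary_accounts(sample, mode)
        print(f"{mode}: {len(ok)} valid entries, {len(bad)} rejected")
        for msg in bad:
            print("  ", msg)
```

Run with the constructed samples, the centralized input yields two valid accounts and one rejected line (the five-digit ID), and the distributed input yields one valid entry and two rejections (an uppercase bucket name with an underscore, and a line with four fields). Because the checks are purely syntactic, a bucket that passes can still be refused by AWS if another account already owns the name.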
  5. (Optional) Give a descriptive name to this app instance and specify an incident reviewer.
    1. Select the Amazon S3 link on the Cloud Apps list.
    2. Enter a descriptive Name to differentiate this instance of Amazon S3 from other instances you are managing.
  6. Add policy rules.
    When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Asset Rule to look for incidents unique to the assets in the new app.
  7. (Optional) Configure or edit a data pattern.
    When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. You can configure Data Patterns to identify specific strings of text, characters, words, or patterns, which makes it possible to find all instances of text that match a data pattern you specify.
  8. Start scanning the new Amazon S3 app for risks.
    1. Select Settings and then Cloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new Amazon S3 app, select Actions and then Start Scanning.
      The status changes to Scanning. Prisma SaaS starts scanning all assets in the associated Amazon S3 app and begins identifying incidents. Depending on the number of Amazon S3 assets, it may take some time for the service to discover all assets and users. However, as soon as you see this information populating on the Prisma SaaS Dashboard, you can begin to Assess Incidents.
  9. Monitor the results of the scan.
    As Prisma SaaS starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective.
    Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.
  10. Review exposure details.
    1. To get more details on the exposure, select a Bucket to view the S3 Share Settings. This view displays the bucket policy and access control lists (ACLs), with a link to the asset in the associated bucket so that you can get more context on the exposure.
