Prepare AWS Account for Onboarding (Cross Account)¶

Please follow the instruction to prepare your AWS account for onboardiing into the product.

Sign-in to AWS Console & go to IAM Service to create a new role “CloudOpticsRole” Please follow the actions in the screenshot below.

Please note account number (673199402158) and external id (cloudoptics) needs to exactly match.

_images/x_account_create_role_1.png

Please use following IAM Permissions to add to the role being created
- ReadOnlyAccess
- SecurityAudit
- AWSCloudTrailReadOnlyAcccess
- CloudWatchReadOnlyAccess

_images/x_account_create_role_2.png

Verify the name to create the role

_images/x_account_create_role_3.png

After creating the role, go the role and create inline policy

_images/x_account_create_role_4.png

Download cloudoptics_policy.json from here.

Add cloudoptics_policy.json as per the image

_images/x_account_create_role_5.png

Make a note of role ARN. It will be needed to onboard account into CloudOptics.

Please follow further instructions for CNAPP

Download co_kms_key_policy.json from link.

Create a KMS key in the region of your workloads as per the image
- KMS Key Alias : CloudOptics-KMS-Key
- Key Administrator : CloudOpticsRole
- AWS Account to be added : 673199402158

_images/cwpp_key_5.png

Edit the KMS Key policy as per the image and insert co_kms_key_policy.json contents here

_images/cwpp_key_6.png

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.