Prepare AWS Account for Onboarding (Cross Account)
Please follow these instructions to prepare your AWS account for onboarding into the product.
Sign in to the AWS Console and go to the IAM service to create a new role, “CloudOpticsRole”. Please follow the actions in the screenshot below.
Please note that the account number (673199402158) and external ID (cloudoptics) need to match exactly.
- Please add the following IAM permissions to the role being created:
  - ReadOnlyAccess
  - SecurityAudit
  - AWSCloudTrailReadOnlyAccess
  - CloudWatchReadOnlyAccess
- Verify the name to create the role
- After creating the role, go to the role and create an inline policy
- Download cloudoptics_policy.json from here.
- Add cloudoptics_policy.json as per the image
- Make a note of the role ARN. It will be needed to onboard the account into CloudOptics.
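The account number and external ID above end up in the role's trust policy, and a role that trusts the wrong principal or omits the `sts:ExternalId` condition is open to confused-deputy use. The following check is an added example, not part of the CloudOptics documentation: it validates a trust policy document against the two values stated on this page, and the function names and sample policy are constructed for illustration.

```python
import json

# Values this page says must match exactly.
EXPECTED_ACCOUNT = "673199402158"
EXPECTED_EXTERNAL_ID = "cloudoptics"

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from a bare 12-digit ID or an arn:<partition>:iam::<id>:... ARN."""
    if not isinstance(principal, str):
        return None
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    if len(parts) == 6 and parts[0] == "arn" and parts[2] == "iam":
        return parts[4]
    return None

def check_trust_policy(policy):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings, matched = [], False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        if {_account_of(p) for p in aws} != {EXPECTED_ACCOUNT}:
            findings.append(f"unexpected principal: {aws}")
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        ext = _as_list(cond.get("sts:ExternalId"))
        if ext != [EXPECTED_EXTERNAL_ID]:
            findings.append(f"sts:ExternalId is {ext}, expected ['{EXPECTED_EXTERNAL_ID}']")
            continue
        matched = True
    if not matched and not findings:
        findings.append("no Allow statement for sts:AssumeRole")
    return findings

# Constructed sample trust policy using the page's account number and external ID.
SAMPLE = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::673199402158:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "cloudoptics"}}}]}""")

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE) or "trust policy matches")
```

To run it against the real role, load the JSON returned by `aws iam get-role --role-name CloudOpticsRole --query Role.AssumeRolePolicyDocument` in place of `SAMPLE`.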
Please follow these further instructions for CNAPP:
- Download co_kms_key_policy.json from link.
Create a KMS key in the region of your workloads as per the image
- KMS Key Alias : CloudOptics-KMS-Key
- Key Administrator : CloudOpticsRole
- AWS Account to be added : 673199402158
- Edit the KMS Key policy as per the image and insert co_kms_key_policy.json contents here