Manual Onboarding of AWS GovCloud or AWS China Environments

This topic explains how to add an AWSClosed Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. GovCloud or AWS China environment to CloudGuard with the legacy procedure. For the new experience with the Unified onboarding process, see Unified Onboarding of AWS Environments.

This onboarding process adds all regions and Security Groups in the AWS environment to the CloudGuard console and enables you to manage the AWS Security Groups from CloudGuard.

The onboarding process for these environments is equivalent to that for regular accounts (see Manual Onboarding of AWS Environments for details), only that permissions to CloudGuard to access the account are user-based, while for regular accounts they are role-based. An IAMClosed Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. user is created in the AWS GovCloud or China account, which CloudGuard uses to access the account.

You can manage AWS GovCloud or China accounts in CloudGuard as Monitor or Full-Protection, as for regular AWS accounts.

To onboard AWS GovCloud or China accounts manually:

  1. In the CloudGuard portal, navigate to Assets > Environments, click Add New and select AWS Environment.

  2. Select platform and mode. Select GovCloud or AWS China as the platform, and select the operation mode, Read-Only or Full-Protection.

  3. Follow these steps to prepare an IAM policy for CloudGuard.

  4. Follow these steps to create an IAM user for CloudGuard - GovCloud or AWS China.

  5. Optionally, select the Organizational Units in CloudGuard with which the onboarded environment is related. These associations can always be changed from the Organizational Units page.

  6. Click Finish. The onboarding process starts. It can take a few minutes, based on the number of entities in the account.