Onboard an AWS GovCloud or AWS China Environment
This topic explains how to add an AWS GovCloud or AWS China environment to CloudGuard. This onboarding process adds all regions and Security Groups in the AWS environment to the CloudGuard console and enables you to manage the AWS Security Groups from CloudGuard.
The onboarding process for these environments is similar to that for regular accounts (see Onboard an AWS Environment for details), except that the permissions CloudGuard uses to access the account are user-based, while for regular accounts they are role-based. An IAM user is created in the AWS GovCloud or China account, and CloudGuard uses this user to access the account.
You can manage AWS GovCloud or China accounts in CloudGuard as Read-Only or Full-Protection, as for regular AWS accounts.
- In the CloudGuard portal, navigate to Assets > Environments, click Add New and select AWS Environment.
- Select platform and mode. Select GovCloud or AWS China as the platform, and select the operation mode, Read-Only or Full-Protection.
- Follow these steps to prepare an IAM policy for CloudGuard.
- Follow these steps to create an IAM user for CloudGuard - GovCloud or AWS China.
- Optionally, select the Organizational Units in CloudGuard with which the onboarded environment is associated. These associations can always be modified later on, from the Organizational Units page.
- Click Finish. The onboarding process starts. It can take a few minutes, based on the number of entities in the environment.