Onboarding AWS Environments

This topic describes all available methods of onboarding AWS (Amazon Web Services, the public cloud platform that offers global compute, storage, database, application and other cloud services) environments to CloudGuard.

You can select one of the methods below depending on the type and number of your environments:

Onboarding with Terraform

You can use the Check Point CloudGuard (Dome9) Terraform provider to onboard and update AWS environments in CloudGuard. First, you need to prepare Terraform files for your AWS environments. For more information, see the Terraform documentation at https://www.terraform.io/docs/providers/dome9/.

The dedicated resource at https://registry.terraform.io/providers/dome9/dome9/latest/docs/resources/aws_unified_onbording includes Intelligence and Serverless configurations, and the rulesets for Posture Management (Compliance) and Intelligence.

The full source code is at https://github.com/dome9/terraform-provider-dome9.
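As an added example (not code from the CloudGuard documentation or the provider repository), the Terraform files below show the shape of a unified onboarding of one AWS account. The provider source and the `dome9_access_id` / `dome9_secret_key` provider arguments are the provider's own; the resource attribute names and the exported stack attributes are my reading of the registry page linked above and must be checked against it, and all values (account, ruleset lists, region) are illustrative.

```hcl
terraform {
  required_providers {
    dome9 = {
      source = "dome9/dome9"
    }
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# CloudGuard API credentials (service-account key ID and secret).
# Pass them in via TF_VAR_* environment variables or a secrets manager;
# do not commit them to source control.
variable "dome9_access_id" {
  type      = string
  sensitive = true
}
variable "dome9_secret_key" {
  type      = string
  sensitive = true
}

provider "dome9" {
  dome9_access_id  = var.dome9_access_id
  dome9_secret_key = var.dome9_secret_key
}

provider "aws" {
  region = "us-east-1" # illustrative; use the account's home Region
}

# Unified onboarding of one AWS account. Attribute names are assumed
# from the registry documentation; verify them there before use.
resource "dome9_aws_unified_onbording" "account" {
  onboard_type        = "Simple" # assumed: "Simple" or "Advanced"
  full_protection     = true     # assumed: read/write instead of read-only
  cloud_vendor        = "aws"    # assumed: "aws", "awsgov" or "awschina"
  enable_stack_modify = true     # assumed: let CloudGuard update its stack

  # Posture Management (Compliance) rulesets to attach; empty = none.
  posture_management_configuration {
    rulesets = []
  }

  serverless_configuration {
    enabled = false
  }

  # Intelligence (CloudTrail-based) onboarding and its rulesets.
  intelligence_configurations {
    enabled  = true
    rulesets = []
  }
}

# Assumed: the onboarding resource exports the CloudFormation stack that
# CloudGuard needs deployed in the account (name, template URL, parameters
# and required IAM capabilities). Deploying it completes the onboarding.
resource "aws_cloudformation_stack" "cloudguard_onboarding" {
  name         = dome9_aws_unified_onbording.account.stack_name
  template_url = dome9_aws_unified_onbording.account.template_url
  parameters   = dome9_aws_unified_onbording.account.parameters
  capabilities = dome9_aws_unified_onbording.account.iam_capabilities
}
```

Run `terraform init`, `terraform plan` and `terraform apply` with the two `TF_VAR_dome9_*` variables set and AWS credentials for the target account in the environment; the plan output should show the CloudGuard onboarding resource followed by the CloudFormation stack that grants CloudGuard its cross-account role.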

CloudGuard Features

Learn more about each functionality that CloudGuard provides:

Troubleshooting

Intelligence

Issue: CloudGuard cannot onboard your AWS account to Intelligence during the environment onboarding. The corresponding status and error message appear on the Onboarding Summary page.

Possible causes:

  • CloudGuard cannot find CloudTrail logs on your account

  • CloudGuard cannot find an applicable log destination, because your S3 bucket already has a configured Event Subscription

    Note - The preferred type of CloudTrail is a trail that applies to all Regions. If CloudGuard finds that your AWS account contains multiple globally applied trails, it selects one at random. A warning message on the Onboarding Summary page notifies you that other buckets were found but not onboarded.

Solution: Onboard your AWS account to Intelligence separately, with Custom Onboarding. See Custom Onboarding for more information.
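The first cause above (no CloudTrail logs in the account) and the note about the preferred trail type can be addressed before onboarding by provisioning one multi-Region trail that delivers to a dedicated bucket with no other event subscription. The Terraform below is an added example (not from the CloudGuard documentation), using the `hashicorp/aws` provider's `aws_cloudtrail`, `aws_s3_bucket`, `aws_s3_bucket_policy` and `aws_s3_bucket_public_access_block` resources; the bucket and trail names are constructed placeholders. The page's stated solution, Custom Onboarding, still applies once the logs exist.

```hcl
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  account_id = data.aws_caller_identity.current.account_id
  trail_name = "cloudguard-trail" # constructed placeholder
  # ARN CloudTrail will present when it writes to the bucket.
  trail_arn = "arn:aws:cloudtrail:${data.aws_region.current.name}:${local.account_id}:trail/${local.trail_name}"
}

# Dedicated log bucket: no aws_s3_bucket_notification is attached, so the
# Event Subscription that CloudGuard Intelligence needs stays available.
resource "aws_s3_bucket" "cloudtrail" {
  bucket = "example-cloudtrail-${local.account_id}" # constructed placeholder
}

resource "aws_s3_bucket_public_access_block" "cloudtrail" {
  bucket                  = aws_s3_bucket.cloudtrail.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Minimum bucket policy CloudTrail needs: an ACL check on the bucket and
# object writes under AWSLogs/<account>/, both scoped to this one trail.
resource "aws_s3_bucket_policy" "cloudtrail" {
  bucket = aws_s3_bucket.cloudtrail.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "AWSCloudTrailAclCheck"
        Effect    = "Allow"
        Principal = { Service = "cloudtrail.amazonaws.com" }
        Action    = "s3:GetBucketAcl"
        Resource  = aws_s3_bucket.cloudtrail.arn
        Condition = { StringEquals = { "aws:SourceArn" = local.trail_arn } }
      },
      {
        Sid       = "AWSCloudTrailWrite"
        Effect    = "Allow"
        Principal = { Service = "cloudtrail.amazonaws.com" }
        Action    = "s3:PutObject"
        Resource  = "${aws_s3_bucket.cloudtrail.arn}/AWSLogs/${local.account_id}/*"
        Condition = {
          StringEquals = {
            "s3:x-amz-acl"  = "bucket-owner-full-control"
            "aws:SourceArn" = local.trail_arn
          }
        }
      }
    ]
  })
}

# One trail applying to all Regions, which is the type the note prefers;
# keeping a single such trail avoids the random selection described above.
resource "aws_cloudtrail" "cloudguard" {
  name                          = local.trail_name
  s3_bucket_name                = aws_s3_bucket.cloudtrail.id
  is_multi_region_trail         = true
  include_global_service_events = true
  enable_log_file_validation    = true

  depends_on = [aws_s3_bucket_policy.cloudtrail]
}
```

After `terraform apply`, confirm that objects appear under `AWSLogs/<account-id>/CloudTrail/` in the bucket and that the bucket has no existing event notification configuration before retrying Intelligence onboarding; if the account already has several multi-Region trails, consolidating to one removes the random-selection behaviour the note describes.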