Unified Onboarding of AWS Environments

This topic describes how to onboard an AWS (Amazon Web Services) environment automatically. For other onboarding methods, see Onboarding AWS Environments.

Prerequisites

Before onboarding your AWS account, make sure:

  • You have Administrator permissions to create and manage resources in this account.

Two Paths: One Click or Advanced Onboarding

Select an onboarding path for your AWS environment:

  • ONE CLICK Onboarding - Automatically onboard your AWS account to CloudGuard. The welcome screen lists the features enabled for your environment. The CloudGuard algorithm decides which resources to onboard and how to onboard them, with minimal involvement from your side. Your initial configuration includes:

    • Posture Management - CloudGuard creates these policies from the rulesets recommended by Check Point security experts:

      • AWS CIS Foundation ruleset - Latest version

      • AWS CloudGuard Best Practices

      • AWS CloudGuard CheckUp

    • Intelligence Account Activity (for Standard AWS Accounts only; GovCloud and China Cloud Accounts are not supported) - Intelligence Account Activity is enabled on a selected S3 bucket that has a CloudTrail.

      Note - In this path, CloudGuard activates Intelligence automatically. Before you start the onboarding process, make sure that your AWS account has an active CloudTrail with an S3 bucket assigned.

      CloudGuard creates your Intelligence policy based on the AWS CloudGuard Best Practices Intelligence ruleset.

    • Permissions - CloudGuard applies the Monitor mode to all assets related to this account, for example, to the Security Groups.

      CloudGuard can manage your AWS accounts in Monitor or Full Protection modes that determine the type of permissions that CloudGuard receives from AWS.

    • Serverless Protection (for Standard AWS Accounts only) - CloudGuard enables Serverless Protection on your account by default.

  • ADVANCED Onboarding - Multiple options for non-standard and customizable environments. Select the functionalities, resources, and settings to configure. During the onboarding process, CloudGuard uses a combination of Lambda functions and a CFT (CloudFormation Template) deployed on your account to create an optimal configuration.
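
One way to verify the ONE CLICK prerequisite noted above (an active CloudTrail with an S3 bucket assigned) before you start onboarding. This is an added example, not part of CloudGuard or its documentation; it uses the CloudTrail DescribeTrails and GetTrailStatus APIs through boto3, and the function names, account ID, and sample responses are constructed for illustration.

```python
# Added example: pre-flight check for the CloudTrail prerequisite.
# Function names and sample data are constructed for illustration.

def usable_trails(trails, status_by_arn):
    """Return trails that are logging and deliver to an S3 bucket.

    trails: 'trailList' from CloudTrail DescribeTrails.
    status_by_arn: TrailARN -> GetTrailStatus response.
    """
    usable = []
    for trail in trails:
        bucket = trail.get("S3BucketName")
        status = status_by_arn.get(trail["TrailARN"], {})
        if bucket and status.get("IsLogging") is True:
            usable.append({
                "name": trail["Name"],
                "bucket": bucket,
                "multi_region": trail.get("IsMultiRegionTrail", False),
            })
    return usable


def check_account(session=None):
    """Run the check against a live account (requires boto3 and
    cloudtrail:DescribeTrails / cloudtrail:GetTrailStatus)."""
    import boto3  # imported here so the offline sample runs without it
    session = session or boto3.Session()
    trails = session.client("cloudtrail").describe_trails()["trailList"]
    status = {}
    for t in trails:
        # Status is queried in the trail's home region, by ARN.
        home = session.client("cloudtrail", region_name=t["HomeRegion"])
        status[t["TrailARN"]] = home.get_trail_status(Name=t["TrailARN"])
    return usable_trails(trails, status)


# Constructed sample responses (account ID and names are placeholders).
ARN = "arn:aws:cloudtrail:us-east-1:111122223333:trail/"
SAMPLE_TRAILS = [
    {"Name": "org-trail", "TrailARN": ARN + "org-trail",
     "S3BucketName": "example-trail-logs", "IsMultiRegionTrail": True,
     "HomeRegion": "us-east-1"},
    {"Name": "old-trail", "TrailARN": ARN + "old-trail",
     "S3BucketName": "example-old-logs", "HomeRegion": "us-east-1"},
]
SAMPLE_STATUS = {ARN + "org-trail": {"IsLogging": True},
                 ARN + "old-trail": {"IsLogging": False}}

if __name__ == "__main__":
    found = usable_trails(SAMPLE_TRAILS, SAMPLE_STATUS)
    print("usable trails:", found or "none - create or start a trail first")
```

An empty result from `check_account()` means no trail in the account is currently logging to an S3 bucket, so the prerequisite is not met.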