Removing Intelligence from AWS Environments

This topic describes how to remove Intelligence from your AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. environment with a new onboarding experience. For a legacy procedure with manual onboarding, see Manual Removing of Intelligence from AWS Environments

You can remove Intelligence from your AWS environments. As a result, CloudGuard stops to receive all Account activity and Traffic activity (CloudTrail and Flow Logs) from your environment.

For environments onboarded before with Standard Onboarding, the process removes the S3 event notification to the Intelligence SNS topic endpoint from all S3 buckets A bucket is a container for objects stored in Amazon S3 (Amazon Simple Storage Service). on this account.
For environments onboarded with CFT or before with Custom Onboarding, the process removes the subscriptions to the Intelligence SQS Reliable and scalable hosted queues for storing messages as they travel between computers. queue endpoint.

Best Practice - First, in your AWS account, remove the stack created during the Intelligence onboarding. Second, remove Intelligence in the CloudGuard portal.

On your AWS account

To remove the onboarding stack on the AWS account:

Open the AWS console and find the stack created during the Intelligence onboarding process.
On the top menu, click Delete.

Stack deletion can fail if the stack resources were changed outside the stack context. For example, because of a manual change from the AWS console.

For troubleshooting issues, use the stack drift. From the menu, select Stack actions > Detect drift.

If the result that you get is not IN_SYNC, then correct the drift status before you delete the stack.

Notes:

The stack removal does not delete the SNS topics and their policies if you use them with other resources.
If you started offboarding from your CloudGuard account before the stack deletion, the subscription can appear as missing in the drift check. This does not prevent you from successful offboarding.

No more account logs are sent to Intelligence, and you cannot see the existing logs on the CloudGuard portal.

Note - CloudGuard stores the existing logs until the end of your retention period. If you onboard your account to Intelligence again during this retention period, you can see the logs for the period before the offboarding.