Onboarding AWS Environments to Intelligence with API

You can onboard one or more AWSClosed Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. environments to Intelligence with the CloudGuard REST APIClosed Also known as RESTful API - an application programming interface (API or web API) that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services.. For onboarding an AWS environment with the CloudGuard portal, see Onboarding AWS Environments to Intelligence.

Prerequisites

Before onboarding your AWS environments with API, make sure that you have prepared:

Request

POST /v2/view/magellan/magellan-custom-onboarding

Copy
{
"bucketName": " intelligence-onboarding-*****-*****-******* ",
"bucketAccountId": "5******************9",
"topicArn": " arn:aws:sns:us-east-1:5************9:********",
"cloudAccountIds": [  ],
"onboardingType": "Cloudtrail"
}

For API documentation and code examples, see API Reference.

Authorization

Basic Authorization: Use the API key and secret as username and password.

Parameters

  • bucketName - Name of the S3 bucket that stores the Flow Logs or CloudTrail logs

  • bucketAccountIdAWS account ID that contains the S3 bucket (must be onboarded to CloudGuard)

  • topicArn – ARN of the SNS topic that receives event notifications from the S3 bucket

  • cloudAccountIds – For a centralized S3 bucket, the cloud account IDs of the other AWS accounts that send log files to the centralized S3 bucket.

  • onboardingTypeCloudTrail or Flow Logs for Account Activity or Traffic Activity

Response

200 – OK

Onboarding Verification

When done, make sure that:

  • The subscription is added to the SNS topic.

  • The new logs of the onboarded AWS account start to appear in the CloudGuard portal in Events > Account Activity or Network Traffic. This can take less than 30 minutes.