Onboard AWS accounts to Log.ic
This topic explains how to onboard AWS accounts to use CloudGuard Logic.
Your account must already be onboarded to CloudGuard Dome9. If your account is not yet onboarded, follow these steps.
In the onboarding steps below, you will add an IAM policy to your AWS account that grants CloudGuard permission to create subscription filters. These are used to receive VPC Flow logs and CloudTrail logs. These steps should be repeated for each account that is onboarded to Log.ic. Once permissions have been granted for an account, they are sufficient for all VPCs and CloudTrail logs in that account.
The onboarding process has steps performed on the AWS console, and others performed on CloudGuard, to onboard information from the selected AWS accounts to Log.ic.
These steps are performed on the CloudGuard console, to select the AWS accounts for Log.ic.
In CloudGuard, navigate to the Cloud Accounts page in the Asset Management menu.
Select the AWS account to be onboarded to Log.ic.
Click ADD LOG.IC (in the upper right), and select Flow Logs or CloudTrail, to start the Log.ic onboarding wizard.
Note: you must onboard Flow Logs and CloudTrail separately for each account. If you onboard one of them, repeat these steps for the other.
Follow the onscreen instructions to complete the process. This will involve these steps:
Configure an IAM policy in the AWS account to grant permissions to CloudGuard to access the flow logs or Cloud Trail logs. This step needs to be done only once; if you onboard both flow logs and Cloud Trail, do this once.
Select the log groups in the AWS account. CloudGuard uses these to obtain the log information.