Environments

The Environments page shows your CloudGuard-managed cloud accounts and KubernetesClosed Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. clusters.

If CloudGuard fully manages your environments, you can set the protection of your Security Groups from here.

In the Environments section, you can see all of your environments, on all platforms, in a single pane of glass. For managed accounts, you can configure and apply changes centrally to all these environments in one area.

Use Cases

Here are some typical use cases to illustrate the control of Environments from one central location.

  • Search for environments - To quickly search for specific environments across all your cloud presence, see Filter and Search.

  • Review security posture - To assess your security posture effectively and review all your security groups protection state in one view, see Security Groups.

  • Apply equal changes - To expand your cloud presence, you can change the security policies for all regions from one portal, see Cloud Security Posture Management (CSPM).

  • Respond to environment permissions behavior - To receive a notification about changes to one of your environments and then take corrective steps, see Notifications.

Actions

The primary page shows a list of all your environments, on all cloud providers.

To filter the list of environments, use the Filter and Search bar at the top of the page. As filter criteria, use Platform, IAMClosed Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. Safety status, Intelligence status, the number of assets, or other available parameters.

See Filter and Search.

In the Environments page, add (onboard) environments to CloudGuard, for cloud platforms. This adds the accounts to the CloudGuard Console. You do not create accounts on the cloud provider here (as an alternative, use the cloud provider site). When you add an environment to CloudGuard, you can select to manage it from CloudGuard (Full Protection) or monitor it (Read-Only).

  1. Navigate to Assets > Environments. This shows a list of the environments added to CloudGuard.

    Note - For first-time onboarding, select a cloud platform from the Environment's primary page and follow the onboarding steps. For more information, see Onboarding Cloud Environments.

  2. Click Add and select the cloud platform.

  3. Follow the instructions to onboard an environment to CloudGuard, for the selected cloud platform. For more details, see Onboarding Cloud Environments.

You can view details for an environment.

From the primary page, click an environment link to show more details. The details are organized by region (based on the cloud provider regions).

They show general information for the account, with the environment number, the date of adding to CloudGuard, the number of instances, and security groups. The information varies depending on the cloud platform.

If the environment policies have missing permissions to allow CloudGuard to see or manage your environment, the warning message appears: Missing 10 permissions for CloudGuard-Connect.

These permissions relate to the CloudGuard-Connect policy (an AWSClosed Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. policy, which enables CloudGuard to connect and manage your AWS accounts).

  1. Click Show more to see the missing permissions. The list shows the cloud resources that are missing each permission (CustomDomainName, for example), the permission type (tags), and the action for the resource that you must add (ListTags). In addition, it shows the number of resources missing this permission (# Affected Entities). Click Show Entities in the last column to see the specific resources.

  2. Click Validate Permissions to add the missing permissions to your account.

  3. To verify that the policies are updated for your AWS accounts, see Updating AWS Permissions.

    Note - CloudGuard cannot fetch updated data for entities that have missing permissions.

You can change the name of an environment. This changes the name as it appears on the CloudGuard portal, but not on the cloud provider.

  1. Enter the environment.

  2. Select Rename from the top right menu.

  3. Make your changes.

  4. Click Save to save the changes (or close to cancel the changes).

It is possible to change the AWS IAM Role for an environment. The role must exist in your AWS account.

  1. Click on an account from the list of accounts on the primary Environments page.

  2. Select Edit Credentials from the top right menu.

  3. In the AWS console, open your AWS account and navigate to the IAM page. Select Roles and copy the ARNClosed Amazon Resource Names (ARNs) uniquely identify AWS resources. They are required to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls. for the role to be applied to the account in CloudGuard. See AWS IAM Roles.

  4. Enter (or paste) the ARN value in the Role ARN field.

  5. Click Confirm.

Click Remove to delete the selected environment from CloudGuard. This does not delete the environment or its resources on the cloud provider.