Removing Intelligence from AWS Environments with API
Offboarding removes the SNS subscription between AWS
Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. and CloudGuard Intelligence. After the SNS subscription is removed Intelligence no longer receives data from CloudTrail or Flow Logs for that specific CloudGuard account.
|
|
Note - Offboarding does not delete the SNS topic, S3 Buckets, or S3 Event Notifications. |
To offboard an AWS account from CloudGuard Intelligence, send the API request through an API platform, such as Postman, or use code to run the API request automatically.
Prerequisites
|
|
Important - If you did onboarding with a CloudFormation stack, you must first do the steps in "On your AWS account" in Removing Intelligence from AWS Environments |
Before offboarding your AWS environments with API, make sure that you have prepared:
-
CloudGuard account information: API key and secret for your account.
-
AWS account information: ID of your AWS account (Account Number).
-
Make sure the AWS environment shows in your CloudGuard account. Go to Assets > Environments. If the selected environment is connected to CloudGuard Intelligence, then below Network Traffic or Account Activity a green check mark shows.
|
|
Notes:
|
To offboard manually with API
Request
POST /v2/view/magellan/disable-magellan-for-cloud-account
"cloudAccountId": "......"
"Vendor": "AWS"For API documentation and code examples, see API Reference.
Authorization
Basic Authorization: Use the API key and secret as username and password.
Parameters
-
cloudAccountId - AWS account ID that contains the S3 bucket, which must be onboarded to CloudGuard Intelligence.
-
vendor - Name of the cloud provider.
Response
200 – OK
To offboard automatically with code through API
Check Point recommends this option for users with multiple CloudGuard Intelligence accounts.
Requests
-
For API documentation and code examples, see API Reference.
-
For base URL information, see REST API.
Authorization
Basic Authorization: Use the API key and secret as username and password.
Parameters
-
cloudAccountId - AWS account ID that contains the S3 bucket, which must be onboarded to CloudGuard Integration Guide.
-
vendor - Name of the cloud provider.
Response
200 – OK
Offboarding Verification
When the offboarding is complete, make sure the subscription is removed from your AWS SNS topic.