In the AWS IAM console, select Roles, and then click Create New Role.
Select Another AWS account for the type of trusted entity.
Enter the following details:
Account ID: 634729597623
External ID: enter the external id generated for you in the Dome9 account conversion screen (from stage 1, above)
Require MFA: NOT checked
Click Next: Permissions.
Select the Dome9-Read-Only policy created above, the AWS SecurityAudit and AmazonInspectorReadOnlyAccess policies, and (optionally, if the account is in Full Protection) the Dome9-read-write-policy.
Click Next: Tags, and then Next: Review.
Enter a name for the role, and then click Create Role.
In the Summary page, select the new role, and copy the Role ARN.
In the CloudGuard console, enter the Role ARN value in the Edit Role Credentials box for the AWS account (step 4 in the previous stage).
Click SAVE CHANGES.
This step is optional. If the old AWS IAM user account that was previously used to connect to CloudGuard Native is no longer used for anything else, it is a security best practice to remove it. Once the new Cross Account role integration method is fully tested, consider removing the unused AWS IAM user account.
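The console steps above produce a role trust policy that allows only the Dome9 account to assume the role and only when it presents your External ID; the External ID condition is what prevents another party who knows your role ARN from assuming it (the confused-deputy case). The following added example, which is not part of this article or of the CloudGuard product, builds that trust policy document and audits an existing one for the two properties that matter; the External ID and the Dome9-* policy names are placeholders.

```python
import json

DOME9_ACCOUNT_ID = "634729597623"     # trusted account from the procedure above
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"   # placeholder: use the value from the Dome9 conversion screen


def build_trust_policy(account_id: str, external_id: str) -> dict:
    """Trust policy equivalent to 'Another AWS account' + External ID, MFA not required."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy: dict, expected_account: str) -> list:
    """Return findings for every AssumeRole statement; an empty list means the policy
    trusts only the expected account and requires an External ID."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for p in principals:
            # Accept the bare account ID or an ARN in that account; reject wildcards and others.
            if p == "*" or expected_account not in p:
                findings.append(f"unexpected principal {p}")
        external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not external_id:
            findings.append("missing sts:ExternalId condition (confused-deputy risk)")
    return findings


if __name__ == "__main__":
    policy = build_trust_policy(DOME9_ACCOUNT_ID, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print("findings:", audit_trust_policy(policy, DOME9_ACCOUNT_ID))
```

To check a role already created in the console, pass the output of `aws iam get-role` (the `AssumeRolePolicyDocument` field) to `audit_trust_policy`.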
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.