Onboard your AWS account to CloudGuard Dome9 Log.ic

    This article explains how to onboard your AWS account to use CloudGuard Dome9 Log.ic.

    Your account must already be onboarded to CloudGuard Dome9. If your account is not yet onboarded, follow these steps.

    Log.ic uses VPC Flow Logs and CloudTrail logs from your AWS account. Both must be delivered to an AWS CloudWatch Log Group that does not already have a subscription filter attached.

    In the onboarding steps below, you will add an IAM policy to your AWS account that grants CloudGuard Dome9 permission to access your VPC Flow Logs and CloudTrail logs through their Log Groups. Repeat these steps for each account.

    The onboarding process has two parts. First, in the AWS console, set up an IAM policy for Dome9 in each AWS account to be onboarded to Log.ic. Then, in CloudGuard Dome9, onboard the selected AWS accounts to Log.ic.

    Set up an IAM read-write policy for CloudGuard Dome9 to access CloudWatch Log Groups

    1. Log in to the AWS account that will be onboarded to Log.ic (if more than one account is to be onboarded, repeat these steps for each one).
    2. Click Services, and select IAM.
    3. Select Policies, and click Create Policy.
    4. Select the JSON tab.
    5. Paste this IAM policy:
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "Dome9SubscriptionFilter",
            "Action": [
              "logs:DescribeSubscriptionFilters",
              "logs:PutSubscriptionFilter"
            ],
            "Effect": "Allow",
            "Resource": "*"
          }
        ]
      }
    6. Click Review Policy.
    7. Name the policy dome9-subscription-filter-read-write-policy and click Create Policy.
    8. In the AWS IAM console, attach this policy to the Dome9-Connect role (this role is created in the process of onboarding the AWS account to CloudGuard Dome9).
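    The following Python script is an added example, not Check Point's tooling: it checks a policy document for the Dome9SubscriptionFilter statement above, flags the wildcard Resource, lists which log groups satisfy the "no existing subscription filter" prerequisite, and emits a variant scoped to those log group ARNs. The log groups, the account id 123456789012 and the assumption that Dome9 needs no log groups beyond the Flow Log and CloudTrail ones are constructed for illustration.

```python
import json

# The two actions granted by the article's Dome9SubscriptionFilter statement.
REQUIRED_ACTIONS = {"logs:DescribeSubscriptionFilters", "logs:PutSubscriptionFilter"}
SID = "Dome9SubscriptionFilter"

# Policy text as given in the article, used as the input to check.
ARTICLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "Dome9SubscriptionFilter",
                 "Action": ["logs:DescribeSubscriptionFilters", "logs:PutSubscriptionFilter"],
                 "Effect": "Allow", "Resource": "*"}]
}""")

# Constructed sample (not real data): log group ARN -> subscription filters already on it,
# in the shape `aws logs describe-subscription-filters` reports them. 123456789012 is a placeholder.
SAMPLE_LOG_GROUPS = {
    "arn:aws:logs:us-east-1:123456789012:log-group:vpc-flow-logs": [],
    "arn:aws:logs:us-east-1:123456789012:log-group:cloudtrail": [],
    "arn:aws:logs:us-east-1:123456789012:log-group:app-logs": [{"filterName": "to-siem"}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def eligible_log_groups(groups):
    """Log groups usable for Log.ic: those that carry no subscription filter yet."""
    return sorted(arn for arn, filters in groups.items() if not filters)

def check_policy(policy):
    """Findings for the Dome9 statement: changed actions, wrong Effect, or a wildcard Resource."""
    findings = []
    stmts = [s for s in policy.get("Statement", []) if s.get("Sid") == SID]
    if len(stmts) != 1:
        return [f"expected exactly one statement with Sid {SID}"]
    stmt = stmts[0]
    actions = set(_as_list(stmt.get("Action", [])))
    if actions != REQUIRED_ACTIONS:
        findings.append(f"actions differ from the article's set: {sorted(actions ^ REQUIRED_ACTIONS)}")
    if stmt.get("Effect") != "Allow":
        findings.append("Effect is not Allow")
    if "*" in _as_list(stmt.get("Resource", [])):
        findings.append("Resource is '*': the role may put subscription filters on every log group")
    return findings

def scoped_policy(log_group_arns):
    """Same statement with Resource narrowed to the given log groups (assumption: Dome9 needs no others)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": SID, "Action": sorted(REQUIRED_ACTIONS), "Effect": "Allow", "Resource": list(log_group_arns)}]}

if __name__ == "__main__":
    print("findings for article policy:", check_policy(ARTICLE_POLICY))
    print(json.dumps(scoped_policy(eligible_log_groups(SAMPLE_LOG_GROUPS)), indent=2))
```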

    Onboard the AWS accounts to CloudGuard Dome9

    1. In CloudGuard Dome9, navigate to this URL: https://secure.dome9.com/v2/magellan/onboarding/connect-cloud-accounts.
    2. Click GET STARTED.
    3. Select the cloud account(s) to be onboarded to Log.ic from the list (these are the AWS accounts that have been onboarded to your CloudGuard Dome9 account), and then click NEXT. If more than one account will be onboarded to Log.ic, you can use the filter to reduce the list to the accounts of interest.
    4. In CloudGuard Dome9, select the accounts and VPCs from the list, then click NEXT. The list will show all VPCs, including ones that have been onboarded to Log.ic, and ones with issues.
      The selected VPCs will be onboarded to Dome9.

    See also

    Onboard an AWS Account to CloudGuard Dome9

    Log.ic