AWS Overview

Multicloud Defense has created a CloudFormation template that you use when connecting an AWS account to the Multicloud Defense Controller.

To prepare a cloud account for integration with the Multicloud Defense Controller, certain steps need to be performed in the cloud account. Below are the prerequisite steps you need to perform before connecting your AWS cloud account to the Multicloud Defense Controller. This is intended to provide an overview of the operation and is not intended to be performed manually. The CloudFormation section gives the details of the deployments and their parameters.

Overview of steps

  1. Create a cross-account IAM role that the Multicloud Defense Controller uses to manage your cloud account.

  2. Create an IAM role that is assigned to the Multicloud Defense Gateway EC2 instances that run in your account.

  3. Create a CloudWatch event rule that transfers the management events to the Multicloud Defense Controller.

  4. Create an IAM role for the CloudWatch event rule above that grants it the permissions needed to transfer the management events.

  5. Optionally, create an S3 bucket in your account to store CloudTrail events, Route53 DNS query logs, and VPC Flow Logs.

  6. Enable Route53 DNS Query Logging with the destination as the S3 Bucket created above and select the VPCs for which query logging must be enabled.

  7. Enable CloudTrail to log all the management events to the S3 Bucket created above.

  8. Enable VPC Flow Logs with the S3 bucket created above as the destination.

  9. Accept the AWS Marketplace Terms of Service.