Connect AWS Account to Multicloud Defense Controller from the Multicloud Defense Dashboard

Multicloud Defense has created a CloudFormation template that makes it easy to connect an AWS account to the Multicloud Defense Controller.

Before you begin

Read through the following requirements before you connect an AWS account to Multicloud Defense:

  • You must have requested a Multicloud Defense Controller for your Security Cloud Control tenant before you begin.

  • The name of the cloud storage bucket in your AWS account must be between 3-65 characters. Bucket names longer than 65 characters will result in an error during the connection process.

Note

Multicloud Defense Controller version 23.10 defaults to IMDSv2 in the AWS EC2 instance when using Multicloud Defense Gateway version 23.04 or newer. For more information about the difference between IMDSv1 and IMDSv2, see the AWS documentation.

Procedure

Step 1

In the left pane of Security Cloud Control, click Multicloud Defense.

Step 2

Click Multicloud Defense Controller.

Step 3

In the Cloud Accounts pane, click Add Account.

Step 4

On the General Information page, select AWS from the Account Type list box.

Step 5

Click Launch Stack to download and deploy our CloudFormation template. This opens another tab in which the template is deployed; you must be logged in to AWS.

Step 6

Acknowledge that the AWS CloudFormation might create IAM resources with custom names.

Step 7

Fill in these values:

  • AWS Account Number: Enter the AWS account number of the account you wish to secure. This number can be found in the output value CurrentAccount of the CloudFormation Template.

  • Account Name: Enter the name you want to give your account once it has been onboarded.

  • Description: (Optional) Enter an account description.

  • External ID: A random string for the IAM role's trust policy. This value is used in the controller IAM role that is created. You can edit or regenerate the External ID.

  • Controller IAM Role: This is the IAM role created for the Multicloud Defense Controller during CloudFormation Template (CFT) deployment. Look for the output value MCDControllerRoleArn in the CFT stack. It should be something similar to this: arn:aws:iam::<Acc Number>:role/ciscomcdcontrollerrole.

  • Inventory Monitor Role: This is the IAM role created for Multicloud Defense Inventory during CFT deployment. Look for the output value MCDInventoryRoleArn in the CFT stack. It should be something similar to this: arn:aws:iam::<Acc Number>:role/ciscomcdinventoryrole.

Step 8

Click Save and Continue.

You are returned to the Multicloud Defense dashboard, where you will see that a new AWS cloud account has been recorded.
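Added example (not part of the Cisco documentation or the CloudFormation template): before clicking Save and Continue, a practitioner can confirm that the role ARNs copied from the CFT outputs belong to the CurrentAccount being onboarded and that the controller role's trust policy actually enforces the External ID entered in Step 7 via an sts:ExternalId condition. The account number, role ARNs and trust policy below are constructed sample values.

```python
import re

# Constructed sample trust policy (hypothetical; not the real template output).
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                   "Action": "sts:AssumeRole",
                   "Condition": {"StringEquals": {"sts:ExternalId": "7c1d0b1f-EXAMPLE"}}}],
}
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/(.+)$")

def parse_role_arn(arn):
    """Return (account_id, role_name) for an IAM role ARN, or None if malformed."""
    m = ROLE_ARN_RE.match(arn)
    return (m.group(1), m.group(2)) if m else None

def check_role_arn(arn, expected_account, expected_role_name):
    """The role ARN copied from the CFT outputs must belong to the account being
    onboarded (the CurrentAccount output) and carry the expected role name."""
    parsed = parse_role_arn(arn)
    if parsed is None:
        return [f"malformed role ARN: {arn}"]
    account, name = parsed
    findings = []
    if account != expected_account:
        findings.append(f"role {name} belongs to account {account}, expected {expected_account}")
    if name != expected_role_name:
        findings.append(f"unexpected role name {name}, expected {expected_role_name}")
    return findings

def check_trust_policy(policy, expected_external_id):
    """Every Allow statement granting sts:AssumeRole must require the External ID
    entered in the dashboard and must not trust an arbitrary principal."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"statement {i}: trusts any AWS principal")
        ext_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext_id is None:
            findings.append(f"statement {i}: sts:AssumeRole is not conditioned on sts:ExternalId")
        elif ext_id != expected_external_id:
            findings.append(f"statement {i}: sts:ExternalId does not match the dashboard value")
    return findings
```

Real inputs come from `aws cloudformation describe-stacks --stack-name <stack> --query 'Stacks[0].Outputs'` for the CurrentAccount and role ARN outputs, and from `aws iam get-role --role-name ciscomcdcontrollerrole --query 'Role.AssumeRolePolicyDocument'` for the trust policy.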

What to do next

Enable traffic visibility.