You can manage your Amazon Web Services (AWS) decoys from the Zscaler Deception. All decoys created from the Zscaler Deception Admin Portal are tabulated under their respective decoy category tabs. Each table shows the details associated with each decoy in the category and also shows its deployment status. You can also edit or delete decoys by using the respective options from the decoys table.

Checking Deployment Status

At the time of integration, Deception deploys a health check lambda function on AWS. This function periodically checks all decoy resources deployed on AWS and updates their status to the Deception Admin Portal every 15 minutes. You can check the deployment status indicated by the icon next to the name of the decoy in the decoys table. The following icons are used to show the status of the decoys:

• – Indicates a deployed state.
• – Indicates an inactive state. This means the decoy no longer exists on AWS or one of its properties used to reference does not exist. This happens when the decoy or its resources are manipulated directly from AWS.
• – Indicates a pending deployment state. This means that the decoy has been created or modified in the Deception Admin Portal, but the deployment script to propagate changes to the AWS cloud has not been initiated.
• – Indicates a pending deletion state. This means that the decoy has been deleted from the Deception Admin Portal, but the deployment script to propagate changes to the AWS cloud has not been initiated.

See image.

Editing or Deleting AWS Decoys

You can edit or delete the AWS decoys that you configured in the Deception Admin Portal. Such changes made to the AWS decoys in the Deception Admin Portal are propagated to the AWS cloud only after running the deployment script on the AWS CloudShell.

Prerequisites

Obtain the CloudShell command using one of the following methods:

• Automated Download Method
• Manual Download Method

Editing an AWS Decoy

To edit an AWS decoy:

1. Go to Deceive > Cloud Deception > AWS.

2. Select the relevant decoy category tab. For example, if you want to edit an IAM user decoy, select the IAM tab.

   See image.

   

   Close

3. Make sure that the decoy you want to edit is in the Not Deployed state, and then click the Edit icon for the decoy.
4. Modify the decoy details as per your requirements.
5. Click Save.
6. Sign in to the AWS Management Console as an administrator.

7. Launch CloudShell by clicking the CloudShell icon on the top navigation bar.

   See image.

   

   Close

   The AWS CloudShell window appears.

8. In the AWS CloudShell window:

   1. Run the deployment script using the command obtained via the automated download method or manual download method.
   2. Enter the option to deploy the preferred decoy and press Enter.

   See image.

   

   Close

Upon successful execution of the script, the changes are propagated to the AWS cloud.

Deleting an AWS Decoy

To delete an AWS decoy:

1. Go to Deceive > Cloud Deception > AWS.

2. Select the relevant decoy category tab. For example, if you want to delete an IAM user decoy, select the IAM tab.

   See image.

   

   Close

3. Click the Delete icon for the decoy.
4. Sign in to the AWS Management Console as an administrator.

5. Launch CloudShell by clicking the CloudShell icon on the top navigation bar.

   See image.

   

   Close

   The AWS CloudShell window appears.

6. In the AWS CloudShell window:

   1. Run the deployment script using the command obtained via the automated download method or manual download method.
   2. Enter the option to deploy the preferred decoy and press Enter.

   See image.

   

   Close

Upon successful execution of the script, the changes are propagated to the AWS cloud.