In the Select Cloud Provider window:

1. Under Select Cloud Type, click the AWS tile.
2. Under Select Onboarding Type, click the Standalone Account tile.

See image.

Close

• DSPM Alias: Enter a user-friendly name for the account.
• Role Name: Enter a unique role name. This role name is added as a prefix to all the IAM roles that are created during the onboarding process.
• Orchestrator Account ID: Enter the account ID of the account where you want to deploy the orchestrator template.
• Select Orchestrator Region: Select the region to deploy the template.
• Network Configurations: Select one of the following options:
  • Zscaler

    Click Configure Regions to select the regions that DSPM must monitor and click Done.

    See image.

    Close

    Close
  • Custom
    1. Enter the following information for the orchestrator instance:
       • Subnet ARN: The private subnet ARN.
       • Security Group ID: The security group ID.

    2. Click Configure Regions to select the regions that DSPM must monitor, and enter the following for each selected region:

       • Subnet ARN: The subnet where the scanner instances must be launched.
       • Security Group ID: The security group ID that controls network traffic to and from the scanner instances.
       • DB Subnet Group ARN: (Optional) The database subnet group ARN. This is required for DSPM to scan the RDS databases.

       See image.

       Close

    Close
• Add Custom Tags (Optional): Enter key-value pairs that must be attached to the resources created by DSPM. Click Add More to enter additional tags and click Done.

Click Apply to continue. Click Reset if you want to change the details.

See image.

Close

If all the details are accurate, you are directed to the Deploy Orchestrator section.