Posture Control (DSPM)
Onboarding a Single AWS Account
You can onboard a single AWS account for DSPM to monitor and scan its data stores (for example, S3 buckets and EC2 instances) to identify sensitive data, misconfigurations, and vulnerabilities.
Onboarding Workflow
The onboarding workflow is as follows:
- Provide the orchestrator account details, select the network configuration, and configure the regions where you want to deploy the local scanner. DSPM uses these details to generate a template in both CloudFormation and Terraform format.
- Deploy the template on the orchestrator account. The template creates roles that provide DSPM with read-only permissions to access the account.
- Add the target accounts that must be monitored and deploy the templates.
Prerequisites
Before onboarding an AWS account, ensure you have completed the following:
- You must be assigned an Administrator role to onboard the AWS account.
- Identify an AWS account as the orchestrator account. The DSPM template is deployed in this account to scan the data in the target accounts.
- Configure CloudTrail for management and data events. This allows DSPM to perform incremental data scans on S3 buckets. To enable data events for S3 buckets:
- Sign in to the AWS Management Console and go to CloudTrail.
- Under Trails, click the name of the CloudTrail that must be used to store data events.
- Under Data events, click Edit.
- For All current and future S3 buckets, select the Write checkbox.
- Click Save changes.
- You must be assigned either an Administrator role or any role with Add Accounts permissions in the DSPM Admin Portal.
- Decide whether you will deploy the CloudFormation or the Terraform template.
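To verify the CloudTrail data-events prerequisite above without clicking through the console, the following added example (not part of the original page and not Zscaler's code) inspects the output of `aws cloudtrail get-event-selectors` and builds the selector to pass to `put-event-selectors` when S3 write data events are missing. It assumes the basic event-selector shape returned by that command and the `arn:aws:s3` prefix that AWS documents as "all current and future buckets"; the trail name and account ID in the sample are constructed.

```python
"""Check whether a trail already logs S3 write data events for all buckets,
and build the selector list to apply if it does not."""
import json

# Prefix matching every current and future S3 bucket in the account
# (assumption: the value AWS documents for an all-buckets AWS::S3::Object resource).
ALL_S3_BUCKETS = "arn:aws:s3"

# Basic event selector equivalent to ticking "Write" for all S3 buckets.
REQUIRED_SELECTOR = {
    "ReadWriteType": "WriteOnly",
    "IncludeManagementEvents": True,
    "DataResources": [{"Type": "AWS::S3::Object", "Values": [ALL_S3_BUCKETS]}],
}


def s3_write_events_covered(response: dict) -> bool:
    """True if any basic selector logs S3 object write events for all buckets.
    Only basic EventSelectors are inspected; a trail that uses
    AdvancedEventSelectors is reported as not covered so a human reviews it."""
    for sel in response.get("EventSelectors", []):
        if sel.get("ReadWriteType") not in ("WriteOnly", "All"):
            continue  # ReadOnly selectors do not capture the writes DSPM needs
        for res in sel.get("DataResources", []):
            if res.get("Type") == "AWS::S3::Object" and ALL_S3_BUCKETS in res.get("Values", []):
                return True
    return False


def selectors_to_apply(response: dict) -> list:
    """Keep the trail's existing basic selectors and append the S3 write selector,
    leaving management-event logging to whichever selector already provides it."""
    existing = list(response.get("EventSelectors", []))
    if s3_write_events_covered(response):
        return existing
    required = dict(REQUIRED_SELECTOR)
    if any(s.get("IncludeManagementEvents") for s in existing):
        required["IncludeManagementEvents"] = False
    return existing + [required]


# Constructed sample: a trail that logs management events only.
SAMPLE_RESPONSE = {
    "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/example-trail",
    "EventSelectors": [
        {"ReadWriteType": "All", "IncludeManagementEvents": True, "DataResources": []}
    ],
}

if __name__ == "__main__":
    print("S3 write data events covered:", s3_write_events_covered(SAMPLE_RESPONSE))
    print("aws cloudtrail put-event-selectors --trail-name example-trail --event-selectors",
          json.dumps(selectors_to_apply(SAMPLE_RESPONSE)))
```

Feed it the real `get-event-selectors --trail-name <trail>` JSON for the trail you chose in the steps above; the printed command is what to run if the check reports the events are not covered.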
Onboarding an AWS Account
To onboard an AWS account: