AWS Organization Onboarding

Prerequisites

• Ensure an orchestrator is deployed within the organization intended for onboarding.
• Ensure the individual performing the onboarding possesses administrative privileges for the organization.

Procedure

1. Access Prisma Cloud DSPM.
   1. In Prisma Cloud DSPM, navigate to the Settings in the sidebar menu.
   2. Go to the Integrations tab and locate the Cloud Platforms section.
   3. Click on the Amazon Web Services thumbnail, then click Configure to access the Amazon Web Services Connect Accounts page.
      
      
2. Connect AWS organization.
   1. On the Amazon Web Services Connect Accounts page, select Add organization from the Add New dropdown menu.
      
      
   2. Sign in to an AWS account with permissions to execute a stack set across the organization.
   3. Choose the location of the orchestrator for the organization from the dropdown menu.
   4. Click Generate Template.
      
      
3. Copy the template link.
   1. In the Add AWS organization pop-up window, copy the provided template link.
   2. Click StackSet page, which redirects to the AWS Sign in page.
      
4. Create a StackSet.
   1. In the sidebar menu, navigate to StackSets, and click Create StackSet to open the Choose a template window.
      
      
5. Choose a template.
   1. In the Choose a template window, scroll down to Specify template section.
   2. Enter the URL, copied earlier, into the Amazon S3 URL field.
   3. Click Next to proceed to the Specify StackSet details page.
      
      
6. Specify StackSet details.
   1. In the StackSet name field, provide a meaningful name and an optional description for the StackSet.
   2. Click Next to proceed to the Configure StackSet options page.
      
      
7. Configure the StackSet options.
   1. Optionally add tags and select a Managed execution option.
   2. Click Next to proceed to the Set deployment options page.
      
      
8. Specify the deployment options.
   1. Choose to deploy Prisma Cloud DSPM at the organization level or select specific organizational units. If you select specific units, specify the units you intend to onboard.
   2. Ensure the Activated and Delete Stacks options are selected in the Auto-deployment options section.
   3. Click Next to review the configuration.
      
9. Review and submit.
   1. Scroll down to the foot of the Review page and click Submit to initiate the deployment.
      
      
10. Track the deployment.
    1. Wait until the stack status changes from Running to Succeeded.
    2. Track the deployment progress of each individual stack in the Stack instances section.
       Note that the individual accounts are generally populated and viewable in Prisma Cloud DSPM within several minutes.