How do I migrate to the new cloud connector functionality?

Applies to Deep Security as a Service only

If you have a Deep Security as a Service account and previously used the "Add Cloud Account" wizard to import Amazon Web Services resources into Deep Security Manager, those resources are organized by AWS region on the Computers tab. You may have run the wizard more than once if you have multiple AWS regions.

Deep Security as a Service now provides the ability to display your AWS instances under your AWS account name, organized in a hierarchy that includes the AWS Region, VPC, and subnet.

This feature is not available if you used the AWS CloudFormation option (on the Computers page, click "Add AWS Account") to add your AWS account to Deep Security.

Before migrating your AWS resources, you will need to edit the policy that allows Deep Security to access your AWS account:

  1. Log in to your Amazon Web Services Console and go to Identity and Access Management (IAM).
  2. In the left navigation pane, click Policies.
  3. In the list of policies, select the policy that allows Deep Security to access your AWS account.
  4. Go to the Policy Document tab and click Edit.
  5. Edit the policy document to include this JSON code:

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "cloudconnector",
           "Effect": "Allow",
           "Action": [
             "ec2:DescribeImages",
             "ec2:DescribeInstances",
             "ec2:DescribeRegions",
             "ec2:DescribeSubnets",
             "ec2:DescribeTags",
             "ec2:DescribeVpcs",
             "iam:ListAccountAliases",
             "sts:AssumeRole"
           ],
           "Resource": [
             "*"
           ]
         }
       ]
     }

  6. Select Save as default version.
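Before running the migration in Deep Security Manager, it is worth confirming that the policy version you saved actually grants every action listed in step 5. The check below is an added example, not Trend Micro's code: it evaluates an IAM policy document offline against that action list, honouring IAM wildcards and explicit Deny statements; the two sample policies are constructed for illustration and are not from the page.

```python
import fnmatch
import json

# Actions the "cloudconnector" statement from step 5 must allow.
REQUIRED_ACTIONS = [
    "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeRegions",
    "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcs",
    "iam:ListAccountAliases", "sts:AssumeRole",
]

# Constructed sample: a policy still carrying only a subset of the actions
# (the exact content of the older wizard's policy is not on the page).
STALE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Resource": "*",
                  "Action": ["ec2:DescribeInstances", "ec2:DescribeImages",
                             "ec2:DescribeRegions", "ec2:DescribeTags"]},
})

# Constructed sample: wildcard grants plus an explicit Deny such as an
# account-level guardrail might add; in IAM an explicit Deny always wins.
WILDCARD_WITH_DENY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "iam:List*", "sts:*"]},
        {"Effect": "Deny", "Resource": "*", "Action": "sts:AssumeRole"},
    ],
})

def _as_list(value):
    """IAM accepts a lone string wherever a list is allowed; normalise."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return the required actions that this policy document does not grant.

    An action is granted when an Allow statement matches it (IAM wildcards
    such as "ec2:Describe*" are honoured, case-insensitively) and no Deny
    statement matches it. NotAction, Condition and Resource scoping are
    ignored, so [] means "the actions are present", not "the policy is tight".
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    allowed, denied = [], []
    for stmt in _as_list(doc.get("Statement")):
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        bucket.extend(p.lower() for p in _as_list(stmt.get("Action")))

    def matches(action, patterns):
        return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)

    return [a for a in required if not matches(a, allowed) or matches(a, denied)]
```

An empty result only confirms the actions are present; it says nothing about whether `"Resource": ["*"]` on `sts:AssumeRole` is narrower than your account's least-privilege rules require, which is a separate review.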

To migrate your AWS resources in the Deep Security Manager:

  1. In the Deep Security Manager, go to the Computers page.
  2. In the Computers tree, right-click an AWS region and select Upgrade to Amazon Account.
  3. Click Finish and then Close. Your AWS instances will now appear under your AWS account name, organized in a hierarchy that includes the AWS Region, VPC, and subnet.