Netskope Help

Setting Up Multiple AWS Accounts using the New UI

Netskope has a new setup process to configure multiple AWS accounts with Netskope’s Public Cloud Security features such as Continuous Security Assessment and Storage Scan, which includes DLP Scan and Threat Protection (Malware Scan). The setup uses a CloudFormation template (CFT), aws-instance-setup.yml, that is customized with the permissions required for Netskope for IaaS. These permissions vary depending on the services you want to enable on your AWS accounts.

For example, if you enable DLP Scan or Threat Protection (Malware Scan) on your accounts, then aws-instance-setup.yml sets up cross-account access between Netskope and the AWS accounts to create a CloudWatch event stack called NetskopeStack in all regions of those AWS accounts. This stack subscribes the AWS accounts to Netskope's notification receiver, which receives the CloudWatch events generated by write, update, and delete operations performed on S3 buckets in your AWS accounts. For more information, see the "What happens in the process?" section in Step 2/2: Permissions.

The Cloud Infrastructure pages in the Netskope UI provide details about all the events and scan results.

The new setup enables:

  • Simplified bulk setup of multiple AWS accounts with Netskope for IaaS.

  • Scanning S3 buckets for DLP violations and malware with improved efficiency using CloudWatch events.


The IaaS Storage Scan (DLP and Threat Protection) feature does not support quarantine and legal hold functionality. If you have configured a DLP or Malware quarantine profile with an external storage provider such as OneDrive, the file is copied to that location. However, the file is not removed from its original location in the public cloud storage, AWS S3.


Before you begin the setup process, ensure that: