Step 1/2: Configure AWS Accounts & Services for Data Protection

Step 1/2: Configure AWS Accounts & Services for Data Protection

On the Accounts & Services screen provide your AWS account number, account name, and admin email address. Then enable the services you want to run on the AWS accounts.

  1. Enter the AWS account number, account name, and admin email address in the text box. You can upload a CSV file with the account information, or enter it individually using the following format:
    123456789012,test,andrew@netskope.com
    764389765412,develop
    345689713654,production,timms@netskope.com
    

    Note

    Account name is required to help you easily identify each account in the Netskope tenant. Email address is optional.

    For information on how to create a CSV file, see Creating a CSV file.

  2. In the Services section, select the services you want to enable on the AWS accounts.
    • DLP Scan: Scans the S3 buckets for sensitive data and generates events when buckets are created, modified, or deleted. You can view the DLP Incidents in the IaaS > Overview ,  Skope IT > Alerts, and Incidents > DLP pages.

      DLP is a licensed feature. Contact Support and get the license to enable this feature in your tenant UI.

      To learn more about using DLP policies, rules, and data identifiers to scan for DLP violations, see the Data Loss Prevention documentation.

    • Threat Protection (Malware Scan): Scans the S3 buckets for malware. Threat Protection is a licensed feature. Contact Support and get the license to enable this feature in your tenant UI.

      You can view the malware alerts in the Skope IT > Alerts and Incidents > Malware pages.

      To learn more about configuring a malware detection profile, see Creating a Malware Detection Profile.

After providing the account information and selecting the services, proceed to Step 2/2: Configure AWS Permissions for Data Protection.

Creating a CSV file

An effortless way to add multiple AWS accounts in the setup screen is to create a CSV file with the account numbers, account names, and email addresses.

You can use Microsoft Excel or Google Sheets to create a CSV file. To get the list of AWS account numbers, account names, and email addresses using the AWS CLI, run the following command:

aws --output=text organizations list-accounts | awk -F't' '{printf("%s,%s,%sn",$4,$7,$3)}'

The output of this command can then be copied to a spreadsheet in Microsoft Excel or Google Sheets and saved as a comma separated CSV, as shown in the screenshot.

excel-to-csv.png

This CSV file can then be uploaded to the setup screen.

Share this Doc

Step 1/2: Configure AWS Accounts & Services for Data Protection

Or copy link

In this topic ...