Account Setup

Connect Amazon Web Services (AWS) to Panther

The first step in configuring Panther's compliance feature is enabling scans. The CloudFormation stack below creates an IAM role with the AWS managed policy called SecurityAudit. This policy is designed specifically for scanning AWS accounts for security vulnerabilities. Panther will assume this role to check that your AWS account is compliant and secure.

Follow the steps below to onboard each AWS account.

IAM Role Setup

Log in to your Panther Dashboard.

From Settings, click Sources, and then Add Account under AWS Account Sources.

Enter your account details and then click Next.

Click the Launch Stack button, which will open CloudFormation in the AWS account you are currently logged into.

  • Select true for DeployCloudWatchEventSetup, which will create an additional IAM Role needed to consume real-time events.

  • Enter the MasterAccountId, which is the 12-digit AWS Account ID where Panther is deployed.

Make sure to check the acknowledgement in the Capabilities box on the Create stack page.

Click the Create stack button. After about 30 seconds, the stack's Status should change to CREATE_COMPLETE. If there is an error creating the stack, then an IAM role with the same name may already exist in your account.

Click through to the last page, and select Add New Source.
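
Once the stack reaches CREATE_COMPLETE, the role it created can be checked against what this page describes: the SecurityAudit managed policy attached, and trust limited to the MasterAccountId. The following is an added example, not part of Panther's documentation or code; it assumes the JSON shapes returned by `aws iam get-role` and `aws iam list-attached-role-policies`, assumes the role should trust only the Panther account, and uses a constructed role name and account IDs.

```python
import re

# AWS managed policy named on the page (commercial "aws" partition assumed).
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Return the 12-digit account ID behind an AWS principal, or None (e.g. '*')."""
    if re.fullmatch(r"\d{12}", principal):
        return principal
    m = re.fullmatch(r"arn:aws:(?:iam|sts)::(\d{12}):.+", principal)
    return m.group(1) if m else None

def audit_scan_role(get_role_output, attached_output, master_account_id):
    """Return findings for a role that should trust only master_account_id."""
    if not re.fullmatch(r"\d{12}", master_account_id):
        raise ValueError("MasterAccountId must be a 12-digit AWS account ID")
    findings = []
    doc = get_role_output["Role"]["AssumeRolePolicyDocument"]
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard form
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS" or principal_account(value) != master_account_id:
                    findings.append(f"unexpected trusted principal: {kind}={value}")
    arns = {p["PolicyArn"] for p in attached_output.get("AttachedPolicies", [])}
    if SECURITY_AUDIT_ARN not in arns:
        findings.append("SecurityAudit managed policy is not attached")
    return findings

# Constructed sample data; account IDs and role name are placeholders.
MASTER = "111122223333"
def _role(principals):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": principals}}
    return {"Role": {"RoleName": "ExampleScanRole",
                     "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [stmt]}}}
GOOD_ROLE = _role("arn:aws:iam::111122223333:root")
BAD_ROLE = _role(["*", "arn:aws:iam::444455556666:root"])
GOOD_ATTACHED = {"AttachedPolicies": [{"PolicyName": "SecurityAudit", "PolicyArn": SECURITY_AUDIT_ARN}]}

if __name__ == "__main__":
    print(audit_scan_role(GOOD_ROLE, GOOD_ATTACHED, MASTER))
    for finding in audit_scan_role(BAD_ROLE, {"AttachedPolicies": []}, MASTER):
        print(finding)
```

To run it against a real account, pass the parsed output of the two AWS CLI commands for the role the stack created, together with the MasterAccountId entered during stack creation.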

The next section will detail how to monitor changes to AWS resources in real-time.