When to update an AWS Account Integration:

  • The Plerion template has been updated with new permissions. This can be identified by verifying the findings for the PLERION-PLN-02 detection. If this detection has a failed finding, the integration should be updated.

PLN-2 detection

  • When CWPP capability needs to be enabled/disabled for an integration.

Steps for updating a 'Single AWS Account'

Automated

AWS Account integrations can be updated using 'Automated' mode which is recommended by Plerion. Users can choose to update their existing stack using AWS Console or AWS CLI by following the instructions.

Update existing stack

  1. Navigate to the AWS Account integration you're wishing to update from Tenant Settings > Integration

  2. Select 'Edit' icon against Role ARN

Updating Existing Stack (Console)

  1. Click 'Launch Stack'

  2. This will open the 'Specify stack details' AWS page. Navigate to the 'Configure stack options' page

  3. Copy the AuthToken from Plerion's 'Stack Parameters' to the 'AuthToken' Parameter Section on the 'Specify stack details' page on AWS

'Stack Parameters' with AuthToken

Copy over AuthToken

  1. To add CWPP capability, select 'CWPP' option

Add CWPP capability

  1. Click 'Next' on the 'Specify stack details' page

  2. On the final 'Review' page ensure you've ticked the following box:

Tick CloudFormation 'Capabilities' box

  1. Plerion will automatically pick up your modified Stack resources once the update is complete
Updating Existing Stack (CLI)

  1. Navigate to the AWS Account integration you're wishing to update from Tenant Settings > Integration

  2. Select 'Edit' icon against Role ARN

  3. Follow the steps provided the page while ensuring your copy over all the values from the Plerion Stack Parameters box to your CLI command

'Stack Parameters'`

  1. Plerion will automatically pick up your modified Stack resources once the update is complete
Create a New Stack

  1. Navigate to the AWS Account integration you're wishing to update from Tenant Settings > Integration

  2. Select 'Edit' icon against Role ARN

  3. Follow the on-screen instructions

  4. Plerion will automatically pick up your modified Stack resources once the update is complete

Manual

  1. Navigate to the AWS Account integration you're wishing to update from Tenant Settings > Integration

  2. Select 'Edit' icon against Role ARN

  3. Follow the on-screen instructions

  4. Once you've completed creating your Plerion role in your AWS account click 'Update'

Steps for updating 'Multiple AWS Accounts'

đź’ˇ

This step can only be performed on the Management Account Plerion Integration

Update using Multi Account Onboarding

  1. Navigate to the AWS Account integration you're wishing to update from Tenant Settings > Integration

  2. Select 'Edit' icon against Role ARN

  3. Click 'Update using Multi Account Onboarding'

  4. Click 'Next' on the 'Select capabilities' screen

  5. Click 'Update Existing StackSet' tab

'Update Existing StackSet' tab

  1. Follow the steps on the page, ensuring that you copy the AuthToken from Plerion's 'Stack Parameters' to the 'AuthToken' Parameter Section on the 'Specify stack details' page on AWS

'Stack Parameters' with AuthToken

Copy over AuthToken

  1. Ensure that you set 'Automatic deployment' to 'Deactivated' on the 'Set deployment options' page

Automatic deployment set to 'Deactivated'

  1. On the final 'Review' page ensure you've ticked the following box:

Tick CloudFormation 'Capabilities' box

  1. Click 'Submit'. Plerion will automatically pick up your updated StackSet resources once your StackSet has completed
Onboarding an AWS Organization Management AccountOnboarding an AWS Account with CDR