This article applies to customers using Netskope One DSPM-hosted tenants. For self-hosted customers, please visit our Onboarding AWS Accounts within self-hosted Netskope One DSPM instances article.
Overview
These instructions are used for onboarding AWS Accounts and Organizations as infrastructure connections within Netskope One DSPM via Terraform. Such connections permit Netskope One DSPM to discover your available data stores and facilitate scanning and classification activities. You will repeat these steps for each AWS Account or Organization you wish to onboard to Netskope One DSPM.
For these instructions, you will start activity within Netskope One DSPM, next be directed to perform actions within the Terraform CLI, AWS CLI of Console, then finally return to Netskope One DSPM to complete the connection.
Verify that the below software tools are installed and configured on your machine before continuing. You would need to have the following toolset installed and configured while invoking them from the terminal.
In addition, ensure that you validate the latest version of these toolsets by running the following commands at your terminal prompt:
terraform --version (Ver 1.5.1)
aws --version (Ver 2.13.1)Instructions for Infrastructure Connection
Individual AWS Account
You will repeat these steps for each individual AWS account you wish to onboard within the Netskope One DSPM application.
Steps to Complete Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to Administration → Infrastructure Connections → AWS tab.
- Click the Add Infrastructure button in the upper right.
- Click ADD ACCOUNT.
- Leave on or toggle off Auto-Discover New Data Stores, depending on your preference.
- Click NEXT.
- Enter the following values:
| Field | Value |
|---|---|
| Account Name | Any value (this is used to identify your infrastructure connection within Netskope One DSPM). |
| Account ID |
Obtain from your AWS console:  |
| Netskope One DSPM Service Account Role | Will default to Netskope One DSPM_Role. Note that this value needs to be unique to each onboarded account. |
- Select Terraform.
- Click DOWNLOAD TEMPLATE to download a .zip file with Terraform scripts. Leave Netskope One DSPM open with the Add Infrastructure modal to return to later.
The next several steps are completed within the terminal on your local machine:
- Extract the .zip file from your downloads folder. A folder is created called account, which will contain the relevant Terraform files.
- Navigate to downloaded account folder, then run the following command: terraform init. The command will run with the text Initializing the backend…
- Once complete, you will see success text in green: Terraform has been successfully initialized, with additional output text below.
- Run the script by running the command: terraform apply. You will see a warning here if you are not logged in or have improper credentials within AWS.
- You will see an output of resources to be created, including Account Name, Service Account Role, and Account ID. Enter yes to continue.
- Once finished, you will see success text in green: Apply complete! Resources: XX added, 0 changed, 0 destroyed.
Return to Netskope One DSPM in your browser and click SAVE to finish connecting your AWS Infrastructure.
Your AWS Account infrastructure connection is now complete, and you are able to discover data stores for analysis.
AWS Organization
You will perform these steps once for each AWS organization you wish to onboard within the Netskope One DSPM application. Any changes to your organization's membership units will be automatically accommodated.
Steps to Complete Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to Administration → Infrastructure Connections → AWS tab.
- Click the Add Infrastructure button in the upper right.
- Click ADD ORGANIZATION.
- Leave on or toggle off Auto-Discover New Accounts and Auto-Discover New Data Stores, depending on your preference.
- Click NEXT.
- Enter the following values:
| Field | Value |
|---|---|
| Organization Name | Any value (this is used to identify your infrastructure connection within Netskope One DSPM). |
| Organization ID |
Obtain from your AWS Organizations console. You can onboard an organization at root or organization unit level to include all accounts within.  |
| Netskope One DSPM Service Account Role | Will default to Netskope One DSPM_Role. Note that this value needs to be unique to each onboarded organization. |
- Select Terraform.
- Click DOWNLOAD TEMPLATE to download a .zip file with Terraform scripts. Leave Netskope One DSPM open with the Add Infrastructure modal to return to later.
The next several steps are completed within the terminal on your local machine:
- Extract the .zip file from your downloads folder. A folder is created called org, which will contain the relevant Terraform files.
- Navigate to downloaded org folder, then run the following command: terraform init. The command will run with the text Initializing the backend…
- Once complete, you will see success text in green: Terraform has been successfully initialized, with additional output text below.
- Run the script by running the command: terraform apply. You will see a warning here if you are not logged in or have improper credentials within AWS.
- You will see an output of resources to be created, including Service Account Role, Organization Name, and Organization ID. Enter yes to continue.
- Once finished, you will see success text in green: Apply complete! Resources: XX added, 0 changed, 0 destroyed.
Return to Netskope One DSPM in your browser and click SAVE to finish connecting your AWS Infrastructure.
Your AWS Organization infrastructure connection is now complete, and you are able to discover accounts within the organization and data stores for analysis.
Note: For each AWS Account infrastructure connection, if it is a member of the Organization being onboarded, we consolidate that individual infrastructure connection to fall underneath the Organization within the UI.
Next Steps
- If you have additional AWS Organizations or individual accounts to onboard in Netskope One DSPM, repeat the above steps.
- Connect your discovered Data Stores. For more information, visit our Connecting AWS Data Stores category and select the article(s) applicable to the Data Store Type(s) you wish to connect.