This article applies to customers using self-hosted Netskope One DSPM instances. For Netskope One DSPM-hosted customers, please visit our Onboarding AWS accounts within Netskope One DSPM-hosted tenants article.
Overview
These instructions are used for onboarding AWS Accounts as Infrastructure Connections within Netskope One DSPM. Such connections permit Netskope One DSPM to discover your available Data Stores and facilitate scanning & classification activities. You will repeat these steps for each AWS Account you wish to onboard to Netskope One DSPM.
Instructions
The specific steps to follow depend on the nature of the AWS Account you wish to onboard. These steps may include actions you need to perform within the AWS Console. Click the tab below which corresponds to the AWS Account in question:
AWS Account Hosting Netskope One DSPM
Generate API Keys
You may already have these keys as a result of Installing Netskope One DSPM via AWS CloudFormation. If not, generate a new pair using the following instructions:
- Navigate to the IAM Management Console > Users section.
- The Users list is displayed.
- In the User name column, click on the Netskope One DSPMUser hyperlink.
- The User Summary screen is displayed.
- Navigate to the Security credentials tab.
- Under the Access Key section, click the Create access key button.
- The Create access key modal is displayed.
- Download or copy the following values to your local machine for later use:
- Access key ID
- Secret access key
Create Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to the Administration > Infrastructure Connections screen > AWS tab.
- Click the Add Infrastructure button.
- Select the Using API Key radio button.
- Enter the following values:
Field | Value |
---|---|
Account Name | Any value (this is used to identify your infrastructure connection within the Netskope One DSPM UI). |
Access Key ID | Enter the Access key ID value from the previous section above. |
Secret Key | Enter the Secret access key value from the previous section above. |
Auto-Discovery | On (turning this off will prevent Netskope One DSPM from automatically discovering new Data Stores within your AWS account). |
- Click the Acknowledge button.
Different AWS Account
Configure CloudFormation Stack
- For the account where you will configure the CloudFormation Stack, log into the AWS console. The CloudFormation Stacks dashboard is displayed.
- Select the target region, if necessary.
- On the dashboard, click the Create Stack button and select the “With new resources (standard)” option. The Step 1 screen is displayed.
- Under the Specify template section, enter the following value in the Amazon S3 URL field:
https://dasera-release.s3.us-west-2.amazonaws.com/CreateNetskope One DSPMUser.json
Proceed with configuring the remainder of your CloudFormation deployment as desired. When ready, navigate to the final step, click the Submit button, and monitor the build to completion.
To learn more about the resources created by the above actions, please expand the following section:
Resources Created
On the Resources tab, the following resources are listed:
Resource Type | Resource Name |
---|---|
IAM Policy | Netskope One DSPMPolicy |
IAM Role | Netskope One DSPMRole |
IAM Role | Netskope One DSPMGlueServiceRole |
IAM User | Netskope One DSPMUser |
In addition, the following permissions are assigned to the new IAM Roles:
Role Name: Netskope One DSPMRole
Permission Name | Purpose |
---|---|
AWSGlueConsoleFullAccess | Provides full access to AWS Glue via the AWS Management Console |
AmazonEC2ReadOnlyAccess | For getting regions and instance IDs |
AmazonRDSReadOnlyAccess | For discovering RDS clusters |
AmazonRedshiftReadOnlyAccess | Required for discovering Redshift clusters |
AmazonAthenaFullAccess | Required for discovering Athena clusters and running scans |
AmazonS3ReadOnlyAccess | Required for scanning S3 |
AmazonDynamoDBReadOnlyAccess | Required for scanning DynamoDB |
Role Name: Netskope One DSPMGlueServiceRole
Permission Name | Purpose |
---|---|
AmazonS3ReadOnlyAccess | Required for scanning S3 |
AWSGlueServiceRole | Required to allow access to related services including EC2, S3, and CloudWatch Logs |
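An added example, not part of the Netskope documentation or the CloudFormation template: a Python check that compares the output of `aws iam list-attached-role-policies` with the managed policies listed in the tables above, so that drift or a same-named customer-managed policy stands out. The sample JSON and the account ID 111122223333 are constructed, and the function name `audit_role` is hypothetical.

```python
import json

# Managed policies per role, copied from the tables above. Role names are
# written as the page prints them; use the names on your stack's Resources tab.
EXPECTED = {
    "Netskope One DSPMRole": {
        "AWSGlueConsoleFullAccess", "AmazonEC2ReadOnlyAccess",
        "AmazonRDSReadOnlyAccess", "AmazonRedshiftReadOnlyAccess",
        "AmazonAthenaFullAccess", "AmazonS3ReadOnlyAccess",
        "AmazonDynamoDBReadOnlyAccess",
    },
    "Netskope One DSPMGlueServiceRole": {
        "AmazonS3ReadOnlyAccess", "AWSGlueServiceRole",
    },
}
AWS_MANAGED_PREFIX = "arn:aws:iam::aws:policy/"


def audit_role(role_name, cli_json):
    """Compare `aws iam list-attached-role-policies` output with the page's list."""
    attached = json.loads(cli_json)["AttachedPolicies"]
    expected = EXPECTED[role_name]
    # A policy only counts as present if it is the AWS-managed one; a
    # customer-managed policy reusing the name can grant anything.
    genuine = {p["PolicyName"] for p in attached
               if p["PolicyArn"].startswith(AWS_MANAGED_PREFIX)}
    lookalike = sorted(p["PolicyArn"] for p in attached
                       if p["PolicyName"] in expected
                       and not p["PolicyArn"].startswith(AWS_MANAGED_PREFIX))
    # Anything the page does not list is reported for review.
    unexpected = sorted(p["PolicyArn"] for p in attached
                        if p["PolicyName"] not in expected)
    return {"missing": sorted(expected - genuine),
            "unexpected": unexpected,
            "lookalike": lookalike}


# Constructed sample output for the Glue service role (placeholder account ID).
SAMPLE = json.dumps({"AttachedPolicies": [
    {"PolicyName": "AWSGlueServiceRole",
     "PolicyArn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"},
    {"PolicyName": "AmazonS3ReadOnlyAccess",
     "PolicyArn": "arn:aws:iam::111122223333:policy/AmazonS3ReadOnlyAccess"},
    {"PolicyName": "AmazonS3FullAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"},
]})

if __name__ == "__main__":
    print(audit_role("Netskope One DSPMGlueServiceRole", SAMPLE))
```

The page does not say where the stack's own IAM Policy is attached, so if it is attached to one of these roles it appears under `unexpected` for review.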
Generate API Keys
Once your deployment is complete, generate API keys for later use in connecting Netskope One DSPM to the current AWS Account.
- Navigate to the IAM Management Console > Users section.
- The Users list is displayed.
- In the User name column, click on the Netskope One DSPMUser hyperlink.
- The User Summary screen is displayed.
- Navigate to the Security credentials tab.
- Under the Access Key section, click the Create access key button.
- The Create access key modal is displayed.
- Download or copy the following values to your local machine for later use:
- Access key ID
- Secret access key
Create Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to the Administration > Infrastructure Connections screen > AWS tab.
- Click the Add Infrastructure button.
- Select the Using API Key radio button.
- Enter the following values:
Field | Value |
---|---|
Account Name | Any value (this is used to identify your infrastructure connection within the Netskope One DSPM UI). |
Access Key ID | Enter the Access key ID value from the previous section above. |
Secret Key | Enter the Secret access key value from the previous section above. |
Auto-Discovery | On (turning this off will prevent Netskope One DSPM from automatically discovering new Data Stores within your AWS account). |
- Click the Acknowledge button.
Next Steps
Connect your discovered Data Stores. For more information, visit our Connecting AWS Data Stores category and select the article(s) applicable to the Data Store Type(s) you wish to connect.