    Publishing to AWS SNS

    Overview

    Netskope One DSPM supports sending notifications via AWS SNS, either within the same AWS account or between different AWS accounts.  This requires granting additional permissions to the Netskope One DSPM-specific service account in AWS.  Please follow the steps below to create the necessary configurations within the AWS console.

    Configure AWS SNS Topic

    If you have an existing AWS SNS Topic you wish to receive notifications, copy its ARN value to your clipboard for use in the next section. Otherwise, follow these instructions to set up a new Netskope One DSPM-specific AWS SNS Topic.

    1. Click this link to log into your AWS SNS Console, which will navigate you to Simple Message Service.
    2. Under Dashboard in the left-hand menu, navigate to Topics
    3. Click the Create Topic button
    4. On the next screen, complete the following fields:
      1. Name
      2. Display Name
    5. Click the Save button

    Once the save is complete, copy the generated ARN value to your clipboard, for use in the next section.

    Configure the AWS IAM Policy & Role

    Netskope One DSPM will require permission to publish to your desired AWS SNS Topic. This requires configuring a Netskope One DSPM-specific IAM Policy and IAM Role, the latter of which will eventually be assigned to the Netskope One DSPM-dedicated AWS user.

    Configure Policy

    1. Click this link to log into your AWS IAM Console, which will navigate you to IAM.
    2. Under Dashboard in the left-hand menu, navigate to Policies
    3. Click the Create Policy button
    4. Click the JSON tab
    5. Copy the following JSON and paste it into the AWS IAM console:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "sns:Publish",
                "Resource": "arn:aws:sns:<region>:<account>:<Netskope One DSPM Radar_topic>"
            }
        ]
    }
    6. Edit the Resource value to substitute your AWS SNS Topic’s ARN (as copied in the prior section).
    7. Configure the remainder of the AWS IAM Policy as desired (Tags, etc.).
    8. Click the Save button.
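
    Before saving, the policy document can be checked offline to confirm that it parses and grants nothing beyond sns:Publish on one fully qualified topic ARN (no wildcards, no unedited placeholders). This is an added example, not Netskope's or AWS's code; the function name check_publish_policy and the sample account ID and topic name are assumptions made for illustration.

```python
import json
import re

# arn:<partition>:sns:<region>:<12-digit account>:<topic>, with no wildcards.
TOPIC_ARN = re.compile(
    r"^arn:aws(?:-cn|-us-gov)?:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}(?:\.fifo)?$"
)

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def check_publish_policy(policy_text):
    """Return findings for a policy meant to allow only sns:Publish on one topic.

    An empty list means the document parses and grants nothing broader.
    """
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        # Typical cause: a comma left after the last statement in the array.
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(policy, dict):
        return ["top level is not a JSON object"]

    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement present")
    for n, stmt in enumerate(allows):
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {n}: NotAction/NotResource grants by exclusion")
        for action in as_list(stmt.get("Action")):
            if action.lower() != "sns:publish":
                findings.append(f"statement {n}: action {action!r} is not sns:Publish")
        for resource in as_list(stmt.get("Resource")):
            if not TOPIC_ARN.match(resource):
                findings.append(f"statement {n}: resource {resource!r} is not a fully qualified topic ARN")
    return findings

# Constructed sample: the account ID and topic name are made up.
SAMPLE = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": "sns:Publish",
  "Resource": "arn:aws:sns:us-east-1:123456789012:dspm-alerts"}]}"""

if __name__ == "__main__":
    print(check_publish_policy(SAMPLE) or "policy is scoped to one topic")
```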

    Configure Role

    1. Under Dashboard in the left-hand menu, navigate to Roles.
    2. Click the Create Role button.
    3. The Step 1: Select Trusted Entity screen is displayed.
    4. Complete the following values:
      1. Trusted Entity Type: AWS Service
      2. Use Case: EC2
    5. Click the Next button.
    6. The Add Permissions screen is displayed.
    7. Search for the AWS IAM Policy you created earlier.
    8. Click the Next button.
    9. The Name, Review, and Create screen is displayed.
    10. Complete the following values:
      1. Role Name: any value, but it is recommended you include the name “Netskope One DSPM” (ex: Netskope One DSPMSNSServiceRole)
      2. Tags (optional)
    11. Click the Create Role button

    Configure the AWS Service Account

    1. Click this link to log into your AWS IAM Console, which will navigate you to IAM.
    2. Under Access Management in the left-hand menu, navigate to Users.
    3. Under the Users list, find the Netskope One DSPM-dedicated service account and click its name hyperlink.
    4. The User Summary is displayed.
    5. Under the Permissions tab, click the Add Permissions button.
    6. Search for and include the Role Name created in the Configure Role section above.
    7. Click the Save button.
