You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/quickstart-onboard-aws.md
+4-11Lines changed: 4 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -161,27 +161,20 @@ The native cloud connector requires:
161
161
162
162
Defender for Cloud will immediately start scanning your AWS resources and you'll see security recommendations within a few hours. For a reference list of all the recommendations Defender for Cloud can provide for AWS resources, see [Security recommendations for AWS resources - a reference guide](recommendations-reference-aws.md).
163
163
164
-
## Understanding CloudFormation
164
+
## CloudFormation deployment source
165
165
166
-
As part of connecting an AWS account to Microsoft Defender for Cloud, a CloudFormation template is generated. This CloudFormation template creates all the required resources so Microsoft Defender for Cloud can connect to the AWS account.
167
-
168
-
169
-
170
-
### AWS CloudFormation deployment
166
+
As part of connecting an AWS account to Microsoft Defender for Cloud, a CloudFormation template should be deployed to the AWS account. This CloudFormation template creates all the required resources so Microsoft Defender for Cloud can connect to the AWS account.
171
167
172
168
The CloudFormation template should be deployed using Stack (or StackSet if you have a management account).
173
169
174
170
When deploying the CloudFormation template, the Stack creation wizard offers the following options:
-**Amazon S3 URL** - Create a new S3 bucket where a template will be auto-generated for you.
179
-
180
-
-**Upload a template file** -Here you can upload the downloaded CloudFormation template to your own S3 bucket with your own security configurations.
174
+
1.**Amazon S3 URL** – upload the downloaded CloudFormation template to your own S3 bucket with your own security configurations. Here you should provide the URL to this S3 bucket in the AWS deployment wizard.
181
175
182
-
-**Amazon S3 URL**- Enter a previously created S3 URL. AWS will automatically create a S3 bucket in which the CloudFormation template will be saved.
176
+
1.**Upload a template file**– AWS will automatically create an S3 bucket in which the CloudFormation template will be saved. Please note that with this automation the S3 bucket will be created with a security misconfiguration which will result in a security recommendation “S3 buckets should require requests to use Secure Socket Layer”. This recommendation can be fixed by applying the following policy:
183
177
184
-
This automated S3 bucket will be created with a security misconfiguration which will result in the security recommendation `S3 buckets should require requests to use Secure Socket Layer`. This recommendation can be fixed by applying the following policy:
0 commit comments