Cisco Defense Orchestrator

Onboard an AWS VPC

Before Onboarding your AWS VPC

Before onboarding your Amazon Web Services (AWS) Virtual Private Cloud (VPC) to CDO, review these prerequisites and qualifications:

  • Review Connect Cisco Defense Orchestrator to Your Managed Devices for the networking requirements needed to connect CDO to your AWS VPC.
  • CDO does not support peered AWS VPCs. If you attempt to onboard a peered VPC referencing a security group that is defined on the peer VPC, the onboarding process fails. 
  • To onboard an AWS VPC, you need the access key ID and secret access key for the AWS account, both of which are generated in the Identity and Access Management (IAM) console. See Understanding and Getting Your Security Credentials for more information.
  • Configure the permissions that allow CDO to communicate with your AWS VPC. See Changing Permissions for an IAM User for more information. The following example shows the required permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
                "ec2:DescribeInstances",
                "ec2:DescribeVpnConnections",
                "ec2:DescribeRegions",
                "ec2:DescribeSecurityGroups",
                "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:DescribeVpcs",
                "ec2:RevokeSecurityGroupEgress",
                "sts:GetCallerIdentity",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpnGateways"
            ],
            "Resource": "*"
        }
    ]
}
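A pre-onboarding check, added here as an example and not part of Cisco's documentation or tooling: it parses an IAM policy document and reports which of the actions listed above the policy does not grant, honouring wildcard patterns and explicit Deny statements. The sample policy is constructed for illustration and deliberately lacks the security-group write actions.

```python
import fnmatch
import json

# Actions the onboarding article lists as required for the CDO IAM user.
REQUIRED_ACTIONS = {
    "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress",
    "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
    "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
    "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress",
    "ec2:DescribeInstances", "ec2:DescribeVpnConnections", "ec2:DescribeRegions",
    "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeSubnets",
    "ec2:DescribeVpnGateways", "sts:GetCallerIdentity",
}

def _as_list(value):
    # IAM accepts "Action": "x" as well as "Action": ["x", "y"].
    return [] if value is None else (value if isinstance(value, list) else [value])

def allowed_actions(policy_json):
    """Subset of REQUIRED_ACTIONS matched by an Allow statement (IAM action
    patterns are case-insensitive and may contain '*') and by no Deny.
    Statements with NotAction or a Condition are skipped (conservative)."""
    allowed, denied = set(), set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if "NotAction" in stmt or stmt.get("Condition"):
            continue
        patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        for action in REQUIRED_ACTIONS:
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                bucket.add(action)
    return allowed - denied

def missing_actions(policy_json):
    """Required actions the policy does not grant, sorted for stable output."""
    return sorted(REQUIRED_ACTIONS - allowed_actions(policy_json))

# Constructed sample: read-only EC2 plus STS, one Describe denied, no SG writes.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "sts:GetCallerIdentity"]},
        {"Effect": "Deny", "Resource": "*", "Action": "ec2:DescribeVpnGateways"},
    ],
})

if __name__ == "__main__": print("missing:", missing_actions(SAMPLE_POLICY))
```

Run the check against the policy attached to the IAM user before onboarding; an empty result means every listed action is granted, while any entries name the permissions that would make the onboarding fail.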

Onboarding Procedure

To onboard an AWS VPC to CDO, follow this procedure:

  1. From the CDO Navigation Bar, click Devices & Services.
  2. Click the blue plus button to begin onboarding the device.
  3. Click the AWS VPC tile.
  4. Enter the Access Key ID and Secret Access Key credentials to connect to the AWS account.
  5. Click Connect.
  6. Select a region from the drop-down menu. Choose the region in which the VPC is located.
  7. Click Select.
  8. Use the drop-down menu to select the AWS VPC to onboard. The list of names is retrieved from the AWS account whose credentials you supplied. Note that AWS VPC IDs are unique; no two VPCs can share the same ID.
  9. Click Select.
  10. Enter a name to be shown in the CDO UI.
  11. Click Continue.
  12. (Optional) Enter a label for the device. Note that if you create labels for an AWS VPC, the labels are not automatically synchronized to your device. You must manually recreate the labels as tags in the AWS console. See Labels and Label Groups for more information.
  13. Click Continue.
  14. Return to the Devices & Services page. After the device has been successfully onboarded, the Configuration Status shows "Synced" and the Connectivity state shows "Online."
