Cloud Connected

Panther Cloud Connected deployments


Under the Cloud Connected deployment model, your organization owns the Snowflake account and the AWS account in which your Panther instance is deployed, while Panther manages initial deployments and subsequent upgrades of the platform. Panther performs this work by assuming an IAM role named PantherDeploymentRole that you create using a CloudFormation template provided by Panther.

When a Cloud Connected instance is deployed, Panther will self-monitor itself by automatically ingesting audit logs produced by your AWS account. This allows you to monitor actions taken by the PantherDeploymentRole, as well as any other IAM role.

Follow the documentation to work with Panther on configuring your Cloud Connected account. This includes the following steps:

Learn about Panther's other deployment models on Panther Deployment Types.

Panther may leverage third-party software in your Panther instance to monitor application performance and collect user and product analytics. For more information, reach out to your Panther support team.

Cloud Connected requirements

Cloud Connected deployments are subject to several stipulations, including:

  • A new or empty AWS account.

  • A new or empty Snowflake account.

    • Certain Panther features require Snowflake Enterprise or higher. Learn more here.

  • The manual creation of ACM Certificates and DNS records for certain Panther endpoints.

  • The deployment of CloudFormation templates.

  • The addition of exceptions to AWS Organization Service Control Policies (SCP) to allow Panther to deploy and operate as expected.

Monitoring your Panther AWS costs

You can monitor your Panther-related spend in AWS by using the AWS Cost Explorer.

  1. If you have not already, enable Cost Explorer.

  2. View the Cost Explorer chart to explore usage and cost amounts.

    • Use the Filter and Group by fields to narrow your search to certain services, tag names, and/or usage types.

Last updated