Cloud Connected
Panther Cloud Connected deployments
Last updated
Was this helpful?
Panther Cloud Connected deployments
Last updated
Was this helpful?
Under the Cloud Connected deployment model, your organization owns the Snowflake and AWS accounts in which your Panther instance is deployed, while Panther manages initial deployments and subsequent upgrades. To deploy a Cloud Connected instance of Panther, follow the instructions in .
In the Cloud Connected model, Panther performs deployment and maintenance work by assuming an IAM role named PantherDeploymentRole
. When a Cloud Connected instance is deployed, Panther will self-monitor by automatically ingesting audit logs produced by your AWS account. This allows you to monitor actions taken by the PantherDeploymentRole
, as well as any other IAM role.
After your Panther deployment is complete, you can .
Learn about Panther's other deployment models on .
Aside from the modifications in AWS you are asked to make as part of the , it is highly discouraged to make any additional changes to the AWS account your Panther infrastructure resides in, including creating additional resources (such as sources) and/or updating any permissions. Such changes may interfere with Panther's automation software.
Follow the instructions in .
You can monitor your Panther-related spend in AWS by using the .
If you have not already, .
View the to explore usage and cost amounts.
Use the Filter and Group by fields to narrow your search to certain services, tag names, and/or usage types.
Learn more about Panther and customer-defined .
In order to provide a SaaS-like experience, Panther monitors Cloud Connected deployments using the following tools:
Panther defines the following tags on your AWS resources:
panther:app
panther:resource
panther:subsystem
panther:version
It's possible to add custom tags to your AWS resources, if you would like. Doing so may aid in your billing analysis.
To add custom tags, reach out to your Panther support team with the list of tag keys and values.
Panther maintains the pantheraccountadmin
user credentials in a secure location.
If needed, you can create and maintain several users with read-only access to the Panther data lake tables. To do so, run the following commands (using the pantheraccountadmin
user or another SECURITYADMIN
-enabled user on your Snowflake account):
Disabling the pantheraccountadmin
user may prevent Panther from being able to:
Perform credential rotation
Deploy new data lake features requiring ACCOUNTADMIN
-level permissions
If you choose to disable the pantheraccountadmin
user despite the implications above, you may do so using the following commands:
If a Panther upgrade requires privileged access, the user can then be temporarily re-enabled:
If you need to decommission a Panther deployment, you can simply terminate the AWS and Snowflake accounts. If you'd like to retain you Snowflake data, you can preserve that account while terminating the AWS account.
for metrics and system logs
for alerting on errors
for user and product analytics
Panther defines tags on your AWS resources, which may be useful in cost analysis. In order for them to be used, you must first .
It's recommended to .
Enable certain functionality, such as