Preparing for Initial Cloud Connected Deployment
A Cloud Connected deployment of Panther means that your organization owns the AWS account in which Panther is deployed, but Panther performs deployment upgrades.
Before the initial deployment of Panther in your AWS environment, you will need to configure a custom domain, then deploy a CloudFormation stack that creates the IAM role Panther assumes to perform upgrades.
To set up a Cloud Connected deployment of Panther, follow the below steps:
- 1.Create a new AWS account.
- Your Panther instance cannot be deployed in an AWS account with existing resources.
- Save the outputted
CustomDomain, as you will need them in the next step.
- 3.Provide your Panther support team the following information:
- 4.Deploy the CloudFormation template at the S3 URL provided by Panther, using the values for the three template parameters (
OpsAccountId) also provided by Panther.
- This template provisions an IAM role (typically called
PantherDeploymentRole) that Panther will assume to perform upgrades. The template will resemble this public version stored in GitHub, but the S3 file your team is provided access to will be the most up-to-date version.
- 5.Inform your Panther support team that you have finished this process.
- Panther will then proceed with the deployment.