Preparing for Initial CPaaS Deployment

Overview

A Cloud Premises as a Service (CPaaS) deployment of Panther means that your organization owns the AWS account in which Panther is deployed, but Panther performs deployment upgrades.

Before the initial deployment of Panther in your AWS environment, you will need to configure a custom domain, then deploy a CloudFormation stack that creates the IAM role Panther assumes to perform upgrades.

Learn more about CPaaS, and how it differs from other deployment models, on Panther Deployment Types.

How to prepare for your initial CPaaS deployment

To set up a CPaaS deployment of Panther, follow the below steps:

1. Create a new AWS account.

   • Your Panther instance cannot be deployed in an AWS account with existing resources.

2. Create a custom Panther domain by following the Configuring a Custom Domain instructions, skipping the Configure Panther section.

   If you are using Panther-managed Snowflake, you will select an AWS region for your Panther deployment during this step. This region cannot later be changed.

   • Save the outputted CertificateArn and CustomDomain, as you will need them in the next step.

3. Provide your Panther support team the following information:

   • The CertificateArn and CustomDomain you generated in the previous step

   • The AWS region in which you created your custom domain in the previous step

   • Your AWS account ID

4. Deploy the CloudFormation template at the S3 URL provided by Panther, using the values for the three template parameters (DeploymentRoleName, IdentityAccountId, and OpsAccountId) also provided by Panther.

   • This template provisions an IAM role (typically called PantherDeploymentRole) that Panther will assume to perform upgrades. The template will resemble this public version stored in GitHub, but the S3 file your team is provided access to will be the most up-to-date version.

   • See the CloudFormation documentation for instructions on how to create a CloudFormation stack from a template either using the CloudFormation console or using the AWS CLI.

5. Inform your Panther support team that you have finished this process.

   • Panther will then proceed with the deployment.