Pre-Configuration
Provide AWS sub-account
Identify or create an AWS account where the Protegrity solution will be installed. The installation instructions assume the same AWS account and region are used for Cloud Protect API deployment.
AWS Account ID: ___________________
AWS Region: ___________________
Create S3 bucket for Installing Artifacts
This S3 bucket will be used for the artifacts required by the CloudFormation installation steps. This S3 bucket must be created in the region that is defined in Provide AWS sub-account.
To create S3 bucket for installing artifacts:
Sign in to the AWS Management Console and open the Amazon S3 console.
Change region to the one determined in Provide AWS sub-account.
Click Create Bucket.
Enter a unique bucket name. For example, protegrity-install.us-west-2.example.com.
Upload the installation artifacts to this bucket. Protegrity will provide the following artifacts:
protegrity-s3-protector-<version>.zip
Note
The S3 Protector installation deployment package contains artifacts for installing Cloud Protect Cloud API. If installing the Cloud API version included with S3 Protector, you may unzip the Cloud API bundle as well. The same S3 bucket may be used to upload those artifacts. For more information on Cloud API installation, check the Cloud API on AWS installation guide.
Important
The deployment package you receive from Protegrity must be extracted to reveal the Protegrity artifacts. CloudFormation requires them in the provided .zip format. Do not extract the individual Protegrity artifacts. Upload these artifacts to the S3 bucket created.
Artifact S3 Bucket Name: ___________________
Cloud Protect API function
Protegrity Cloud Protect API on AWS is required for the S3 Protector installation. See the Cloud Protect API on AWS documentation to create a new installation if one is not already available in your account/region. With Cloud Protect API on AWS installed, follow the instructions below to obtain the ARN of the protector Lambda function.
Follow these steps to obtain the Cloud API Lambda ARN.
Access the AWS Management Console.
Navigate to the Cloud Protect API function in the AWS Lambda service.
Open the Cloud Protect API function.
From the Lambda view, choose Aliases, then click the Production alias.
At the top right, copy the Lambda function ARN and record it. The Cloud API Production Alias ARN will be used later in this installation guide when creating the IAM policy and deploying S3 Protector with the CloudFormation template.
Cloud Protect API function ARN: ____________________
S3 Buckets For Input And Output Data
Two S3 buckets are required. One bucket is used for incoming files. The second bucket is used for files processed by the S3 Protector. The buckets must be different. The S3 buckets should be created in the region that is defined in Provide AWS sub-account.
Note
Before continuing, it is critical to understand Amazon S3 security concepts and best practices. You can refer to AWS S3 Best Practices for the list of recommended S3 security configurations; however, it is strongly recommended to check the official AWS documentation for more details.
Identify existing bucket names or follow the steps below to create new buckets.
Sign in to the AWS Management Console and open the Amazon S3 console.
Change region to the one determined in Provide AWS sub-account.
Select Create Bucket.
Enter a globally unique bucket name. For example: in.us-west-2.example.com or out.us-west-2.example.com.
Scroll down and configure S3 bucket security features. It is strongly recommended to keep Block all public access on. It is also recommended to enable server-side encryption.
Note
Additional S3 security features can be configured after the bucket is created. Refer to AWS documentation for more details.
Record bucket names. They will be required later in this installation guide.
Input S3 Bucket Name: ____________________
Output S3 Bucket Name: ____________________
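The values recorded on this page can be checked for consistency before they are used in the IAM policy and the CloudFormation deployment. The following is an added example, not part of the Protegrity documentation or tooling: check_preconfig is a hypothetical helper, and the account ID and function name in the sample are constructed placeholders.

```python
import re

# S3 general-purpose bucket names: 3-63 chars, lowercase letters, digits,
# dots and hyphens, starting and ending with a letter or digit.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
# Alias-qualified Lambda ARN:
# arn:<partition>:lambda:<region>:<account>:function:<name>:<alias>
ALIAS_ARN_RE = re.compile(
    r"arn:(aws[a-z-]*):lambda:([a-z0-9-]+):(\d{12}):function:([\w-]+):([\w-]+)"
)

def check_preconfig(account_id, region, artifact_bucket, lambda_arn,
                    input_bucket, output_bucket):
    """Return a list of problems with the recorded values (empty means OK)."""
    problems = []
    if not re.fullmatch(r"\d{12}", account_id):
        problems.append("account ID must be 12 digits")
    for label, name in (("artifact", artifact_bucket),
                        ("input", input_bucket), ("output", output_bucket)):
        if not BUCKET_RE.fullmatch(name) or ".." in name:
            problems.append(f"{label} bucket name is not a valid S3 name")
    if input_bucket == output_bucket:
        problems.append("input and output buckets must be different")
    m = ALIAS_ARN_RE.fullmatch(lambda_arn)
    if m is None:
        # Usually the unqualified function ARN was copied, not the alias ARN.
        problems.append("Lambda ARN is not an alias-qualified function ARN")
        return problems
    _, arn_region, arn_account, _, arn_alias = m.groups()
    if arn_alias != "Production":
        problems.append("Lambda ARN does not point at the Production alias")
    if arn_region != region:
        problems.append("Lambda ARN region differs from the install region")
    if arn_account != account_id:
        problems.append("Lambda ARN account differs from the install account")
    return problems

# Constructed sample values; account ID and function name are placeholders.
SAMPLE = dict(
    account_id="123456789012", region="us-west-2",
    artifact_bucket="protegrity-install.us-west-2.example.com",
    lambda_arn="arn:aws:lambda:us-west-2:123456789012:function:"
               "Sample-Protect-Function:Production",
    input_bucket="in.us-west-2.example.com",
    output_bucket="out.us-west-2.example.com",
)

if __name__ == "__main__":
    print(check_preconfig(**SAMPLE) or "recorded values are consistent")
```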