How to Onboard Single AWS Account via terraform in Prisma Cloud
Created On 06/28/22 23:01 PM - Last Modified 04/17/24 05:43 AM
Objective
Onboard a single AWS cloud account using a Terraform template instead of the AWS CloudFormation template.
Environment
- Prisma Cloud
- AWS Onboarding
- Terraform
Procedure
Steps to onboard a single AWS Cloud Account using Terraform template:
- Begin with the main.tf script shown in our API Terraform documentation here.
- In the ".prismacloud_auth.json" credentials file, replace "api.eu.prismacloud.io" with "api3.prismacloud.io" for API access (not console access).
- Create Prisma API access tokens with "System Admin" privileges. Any other role cannot create an account.
- Generate a JWT token for Prisma API access using the following curl command and the access tokens from step 3:
curl -X POST \
https://api3.prismacloud.io/login \
-H 'Content-Type: application/json' \
-d '{"username":"11111111","password":"22222222"}'
- Derive the account group UUIDs needed for step 6 using the following Python script, replacing 33333333 with the token from step 4:
import requests
url = "https://api3.prismacloud.io/cloud/group"
querystring = {"excludeCloudAccountDetails":"false"}
headers = {"x-redlock-auth":"33333333"}
response = requests.request("GET", url, headers=headers,
params=querystring)
print(response.text)
- Remove the second resource from main.tf above (the snippet below), since it would create a new account group rather than use an existing one:
resource "prismacloud_account_group" "g1" {
name = "My group"
}
- Instead, use the following syntax within the account resource creation section, replacing 1111222233334444 with the real account group UUIDs from step 5:
group_ids = [
"1111222233334444"
]
- Run the following Terraform commands
terraform init
terraform fmt
terraform validate
terraform apply
to create the new Prisma Cloud account and include it in the chosen Prisma account group.
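Steps 4 to 6 chained in one script, as an added example that is not part of this article or of the Prisma Cloud provider: it logs in with the step 3 key pair, resolves account group names to UUIDs with the same GET /cloud/group call as above, and prints the group_ids block for main.tf. It assumes the /login response carries the JWT under "token" and that each group object has "id" and "name" fields; the key pair is taken from the environment rather than pasted into the script, and an unknown or duplicate group name fails the run instead of onboarding the account into the wrong group.

```python
import json
import urllib.parse
import urllib.request

API = "https://api3.prismacloud.io"  # API endpoint from step 2, not the console

def _call(method, path, body=None, token=None, params=None):
    """Minimal JSON round-trip with urllib (stdlib, no requests dependency)."""
    url = f"{API}{path}" + (f"?{urllib.parse.urlencode(params)}" if params else "")
    headers = {"Content-Type": "application/json"}
    if token:
        headers["x-redlock-auth"] = token  # same header as the article's script
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def login(access_key, secret_key):
    """Step 4; assumes the /login response carries the JWT under "token"."""
    return _call("POST", "/login", {"username": access_key, "password": secret_key})["token"]

def list_account_groups(token):
    """Step 5: the same GET /cloud/group call as the article's script."""
    return _call("GET", "/cloud/group", token=token,
                 params={"excludeCloudAccountDetails": "false"})

def group_ids_by_name(groups, wanted):
    """Resolve names to UUIDs; fail on a missing or duplicate name rather than
    silently onboarding the account into the wrong group."""
    by_name = {}
    for g in groups:  # assumes each group object carries "id" and "name"
        if g["name"] in by_name:
            raise ValueError(f"duplicate account group name: {g['name']}")
        by_name[g["name"]] = g["id"]
    missing = [n for n in wanted if n not in by_name]
    if missing:
        raise KeyError(f"account group(s) not found: {missing}")
    return [by_name[n] for n in wanted]

def group_ids_hcl(ids):
    """Step 6: render the group_ids argument for the account resource."""
    return "group_ids = [\n" + ",\n".join(f'  "{i}"' for i in ids) + "\n]"

# Constructed sample of a /cloud/group response (not real data).
SAMPLE_GROUPS = [
    {"id": "11111111-2222-3333-4444-555555555555", "name": "Default Account Group"},
    {"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "name": "Production"},
]
```

Chain login, list_account_groups, group_ids_by_name and group_ids_hcl with the step 3 key pair read from environment variables to print the block to paste into step 6.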
Additional Information
Prisma Cloud Terraform Template GitHub reference