Prisma Cloud: How to Automatically Add Missing Role Permissions in AWS to Resolve Amber Cloud Account Status
Created On 10/23/22 02:51 AM - Last Modified 02/07/25 22:25 PM
Objective
In this How To you will learn how to manually add missing Prisma Cloud role permissions in AWS via CloudFormation to resolve amber cloud account status.
Environment
- Prisma Cloud
- AWS
Procedure
If you notice that your AWS cloud account is signaling an amber status, it could be because of missing permissions.
Prisma Cloud and AWS update permissions periodically according to new releases.
This may require the users to manually update their permissions.
Please follow the steps below to remediate the issue:
GUI Path: Prisma Cloud > Settings > Providers > Edit Cloud Account
- Sign in to your AWS Console and go to CloudFormation
- Ensure that you have CloudFormation administrator permissions.
- Select Prisma Cloud Stack created from the CloudFormation template
GUI Path: Prisma Cloud > Stacks > Select Prisma Stack > Update existing stack
- Update the stack with the latest CloudFormation template by running through the onboarding procedure in the documentation.
- Then click Next > Next > Next, customize the stack settings for your environment, and Save. The newest permissions will be incorporated automatically. Allow an ingestion cycle of 4 hours for Prisma Cloud to pick up the newly added permissions. Your cloud account status will then revert to green for Config permissions.
*Make sure you download a new CFT template from the onboarding procedure and upload the template file while updating the stack.*
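Before uploading the new template in the stack update above, it helps to see exactly which IAM actions it adds to the role. The following Python example is added here and is not Palo Alto Networks code: it diffs the Allow actions of two CloudFormation templates and flags added actions that are not plainly read-only. It assumes JSON templates already parsed into dicts; the two sample templates, their resource names and their action lists are constructed for illustration and are not the real Prisma Cloud permission set.

```python
READ_PREFIXES = ("Get", "List", "Describe")

def iam_actions(template):
    """Collect every Allow action from IAM roles and policies in a template."""
    actions = set()
    for res in template.get("Resources", {}).values():
        props = res.get("Properties", {})
        if res.get("Type") in ("AWS::IAM::ManagedPolicy", "AWS::IAM::Policy"):
            docs = [props.get("PolicyDocument", {})]
        elif res.get("Type") == "AWS::IAM::Role":
            docs = [p.get("PolicyDocument", {}) for p in props.get("Policies", [])]
        else:
            continue
        for doc in docs:
            stmts = doc.get("Statement", [])
            for st in [stmts] if isinstance(stmts, dict) else stmts:
                if st.get("Effect") != "Allow":
                    continue
                act = st.get("Action", [])
                # Action may be a single string or a list of strings.
                act = [act] if isinstance(act, str) else act
                actions.update(a for a in act if isinstance(a, str))
    return actions

def diff_templates(deployed, downloaded):
    """Return (added, removed) actions, each as a sorted list."""
    old, new = iam_actions(deployed), iam_actions(downloaded)
    return sorted(new - old), sorted(old - new)

def needs_review(actions):
    """Actions whose verb is not Get/List/Describe (a prefix heuristic only)."""
    return [a for a in actions if not a.partition(":")[2].startswith(READ_PREFIXES)]

def _stmt(action, effect="Allow"):
    return {"Effect": effect, "Action": action, "Resource": "*"}

# Constructed sample templates (hypothetical resource names and actions).
ROLE = {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
    "PolicyName": "ExampleReadOnly", "PolicyDocument": {"Statement": [
        _stmt(["ec2:DescribeInstances", "s3:GetBucketPolicy"])]}}]}}
DEPLOYED = {"Resources": {"ExampleRole": ROLE}}
DOWNLOADED = {"Resources": {"ExampleRole": ROLE, "ExampleAddedPolicy": {
    "Type": "AWS::IAM::ManagedPolicy", "Properties": {"PolicyDocument": {
        "Statement": [_stmt(["ecr:DescribeRepositories", "s3:PutBucketAcl"]),
                      _stmt("lambda:GetFunctionUrlConfig"),
                      _stmt("s3:DeleteBucket", effect="Deny")]}}}}}

if __name__ == "__main__":
    added, removed = diff_templates(DEPLOYED, DOWNLOADED)
    print("added:", added, "\nremoved:", removed)
    print("review before updating:", needs_review(added))
```

For real templates, load the deployed and the newly downloaded files with `json.load` and pass the resulting dicts to `diff_templates`.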
Additional Information
View our documentation here on how to onboard an AWS cloud account into Prisma Cloud.