Learn how to deploy the Terraform authentication template in Amazon Web Services.
When you choose to manually deploy the template, you must connect to the AWS Management Console to create a stack using the template file.
In AWS Management Console, navigate to CloudFormation.
On the Stacks page, click Create stack, and then select With new resources (standard).
On the Create stack page, in Prerequisite - Prepare template, select Choose an existing template.
In Specify template, select Upload a template file, then click Choose file and upload the template downloaded from Cortex Cloud. Click Next.
In the Specify stack details page, enter a Stack name.
In Parameters, review the values pre-populated by Cortex Cloud: ExternalID, OutpostRoleArn, and CortexPlatformRoleName. Do not change these values. The ExternalID is unique to your Cortex Cloud tenant and acts as a shared secret in the role's trust policy. Replacing it will prevent Cortex Cloud from assuming the role.
In Parameters, if you have enabled custom log collection, enter the following details:
CloudTrailKmsArn: (Optional) The ARN of the AWS KMS key used to encrypt the CloudTrail log files.
CloudTrailLogBucket: The name of the Amazon S3 bucket where CloudTrail stores the log files.
CloudTrailSnsArn: The ARN of the Amazon SNS topic that CloudTrail uses to send notifications when new log files are delivered.
Click Next, and then click Next again.
In Review, in the Capabilities section, acknowledge that CloudFormation might create IAM resources with custom names and click Submit. (This is required because the template creates the IAM roles Cortex Cloud uses to access your account.) The stack is complete when it appears in the Stacks list with a status of CREATE_COMPLETE.
When the template is successfully uploaded to AWS and the stack creation is complete, the Lambda notification will update Cortex Cloud and the cloud instance will appear as Connected. The initial discovery scan is then started. When the scan is complete, you can view the discovered assets in Asset Inventory.
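The Parameters step above notes that the ExternalID acts as a shared secret in the role's trust policy. As an added example (not part of the Cortex Cloud documentation or template), the following Python check inspects a trust policy document, such as the one shown on the IAM role's Trust relationships tab after the stack is created, and reports any sts:AssumeRole grant to an AWS principal that is not conditioned on the expected sts:ExternalId. The embedded policy, account ID, role name and external ID are constructed placeholders, and only the StringEquals operator is considered.

```python
import json

# Constructed trust policy for illustration. The account ID, role name and
# external ID are placeholders, not values from the Cortex Cloud template.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/EXAMPLE-OUTPOST-ROLE"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}
""")


def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def external_id_findings(policy, expected_external_id):
    """Return problems found; an empty list means every sts:AssumeRole grant
    to an AWS principal is gated on the expected sts:ExternalId."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        if principal != "*" and "AWS" not in principal:
            continue  # service principals do not present an external ID
        # Condition keys are case-insensitive; values are case-sensitive.
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for key, val in string_equals.items()
               if key.lower() == "sts:externalid" for v in _as_list(val)]
        if not ids:
            findings.append(f"statement {index}: no sts:ExternalId condition")
        elif ids != [expected_external_id]:
            findings.append(f"statement {index}: unexpected ExternalId value")
    return findings


if __name__ == "__main__":
    print(external_id_findings(SAMPLE_TRUST_POLICY, "EXAMPLE-EXTERNAL-ID"))
```

An empty list means the trust policy still requires the ExternalID that Cortex Cloud pre-populated; any finding indicates the role can be assumed without it or with a different value.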