What are the steps to connect a cloud account to a mature Guardrails workspace with lots of policy settings in Enforce? This is a different requirement from that of a POC customer who is testing out Guardrails for the first time.
Process Proposal
1. Create a folder specifically for this sensitive account (aka: ZZZ).
2. On the folder, set these policy settings:
   - Turbot > Change Window to No Changes.
   - AWS > Turbot > Event Handlers [Global] to Skip. (We do this so the event pollers will automatically enable in this account.)
3. Import the ZZZ account into the new folder using the Guardrails console.
4. Discovery happens as usual.
5. Identify any controls in error.
6. Evaluate the alarms that pop up. Be very thorough.
7. If you're comfy with what Guardrails would do, delete the Change Window and Event Handlers [Global] policies.
8. Move the ZZZ account to the same folder as all the other accounts of this type (NonProd, Prod, Sandbox).