The following process describes how to redeploy the AWS Control Tower integration. Customers may want to redeploy their integration to take advantage of bug fixes and updates to cross-account policies.
To redeploy your AWS Control Tower integration, use the following two-part process:
Capture Current Parameters
First, the current parameters must be captured to use in the new deployment.
- Collect the current stack parameters from the integration stack in CloudFormation:
  - Alert Logic Customer ID
  - Org ID
  - Account IDs:
    - Log Archive
    - Audit
    - Security / Alert Logic integration account
  - Control Tower master region
  - Include / Exclude settings
- Ensure access to the existing Alert Logic API key, or create a new key.
- Note: We recommend leaving the GuardDuty options turned off and deploying the GuardDuty collector separately in the centralized GuardDuty account and region.
Clean Up the Integration
Before redeploying, you must clean up the integration by deleting all existing stacksets and stacks.
- Delete stacksets – For each of the three integration stacksets in order (AlertLogic-CT, AlertLogic-CT-Central-IAM-Role, AlertLogic-CT-Security-Account-Setup), complete the following:
  - Open the stackset from the CloudFormation Stacksets list.
  - Select the ‘Stack Instances’ page.
  - Build a comma-separated value (CSV) list of all stack instances.
  - Select ‘Delete stacks from StackSet’ from the Actions menu on the top right of the page.
  - Paste the list of accounts in the Account Numbers field.
  - Select ‘Add all regions’ from the Specify Region section.
  - Optionally, adjust the deployment options to speed up the removal process.
    - This option mainly helps the AlertLogic-CT stackset, as the other stacksets only have one or two instances in them.
  - Continue to the next page, then submit the stackset change.
  - Wait for the stack instance removal to complete.
  - Select ‘Delete Stackset’ from the Actions menu.
- Once the stacksets are cleaned up, the main integration stack can be deleted.
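The CSV-building and wait steps above can be scripted. The following Python is an added example, not part of Alert Logic's procedure: it parses the JSON printed by `aws cloudformation list-stack-instances --stack-set-name <name>`, and the sample output and account IDs in it are constructed.

```python
import json

# Stackset names and their deletion order, as listed in the procedure above.
STACKSETS = ["AlertLogic-CT", "AlertLogic-CT-Central-IAM-Role",
             "AlertLogic-CT-Security-Account-Setup"]

# Constructed sample of `list-stack-instances` output (account IDs are made up).
SAMPLE = json.dumps({"Summaries": [
    {"Account": "111111111111", "Region": "us-east-1", "Status": "CURRENT"},
    {"Account": "111111111111", "Region": "us-west-2", "Status": "CURRENT"},
    {"Account": "222222222222", "Region": "us-east-1", "Status": "OUTDATED"},
    {"Account": "333333333333", "Region": "eu-west-1", "Status": "CURRENT"},
]})


def deletion_targets(cli_json):
    """Return (accounts_csv, regions, instance_count) for one stackset."""
    summaries = json.loads(cli_json).get("Summaries", [])
    accounts, regions = [], []
    for s in summaries:
        # An account appears once per region; keep first-seen order, no repeats.
        if s["Account"] not in accounts:
            accounts.append(s["Account"])
        if s["Region"] not in regions:
            regions.append(s["Region"])
    return ",".join(accounts), sorted(regions), len(summaries)


def safe_to_delete_stackset(cli_json):
    """True only when no stack instances remain in the stackset."""
    return len(json.loads(cli_json).get("Summaries", [])) == 0


if __name__ == "__main__":
    csv, regions, count = deletion_targets(SAMPLE)
    print(f"{STACKSETS[0]}: {count} instances")
    print("Account Numbers field:", csv)
    print("Regions in use:", ", ".join(regions))
    print("Safe to delete stackset:", safe_to_delete_stackset(SAMPLE))
```

Run it once per stackset before submitting the change, then again on fresh CLI output after the removal operation; select ‘Delete Stackset’ only when the second run reports no remaining instances.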
Redeploy the AWS Control Tower Integration
Once these two processes have been completed, you can redeploy the integration using the Deployment with AWS Control Tower procedure.
If you have any questions or need assistance in redeploying your integration, contact Alert Logic Support.