1. Overview

You can integrate Prisma Cloud with AWS Systems Manager Parameters Store. First configure Prisma Cloud to access the Parameters Store, then create rules to inject the relevant secrets into the relevant containers.

Prerequisites:

  • The service account Prisma Cloud uses to access the Parameters Store must have the following permissions. These permissions are part of pre-existing policy named AmazonSSMReadOnlyAccess. For more information, see Configure User Access for Systems Manager.

    • ssm:Get*

    • ssm:List*

  • You have created a secret in your Parameters Store. Prisma Cloud supports all parameter types. Note, however, that StringList is injected "as-is". For example, if the value you specify for parameter of type StringList is twistlock,test,value, then the injected environment variable would look like this:

    ENV_VAR=twistlock,test,value
    aws systems manager parameter store param type
  1. Open Prisma Cloud Console.

  2. Integrate Prisma Cloud with the store.

    1. Go to Manage > Authentication > Secrets, and click Add store.

    2. Enter a name for the store. This name is used when you create rules to inject secrets into specific containers.

    3. For Type, select AWS Systems Manager Parameters Store.

    4. Fill out the rest of the form, specifying how to connect to the store.

    5. Click Add.

      After clicking Add, Prisma Cloud tries conecting to your store. If it is successful, the dialog closes, and an entry is added to the table. Otherwise, any connection errors are displayed directly in the configuration dialog.