Ctrlk

AWS Cloud Onboarding

New to Fusion cloud onboarding? Start with Fusion Onboarding for Cloud Engineers for deployment models, scope planning, and cloud-specific guidance.

Use one of these three paths to configure AWS VPC flow logs, Route 53 Resolver logs, and onboarding to Fusion.

Choose the path that fits your environment:

  • Manual onboarding — best for a small number of VPCs or an initial PoC

  • Vectra onboarding automation — best for large or dynamic AWS environments

  • Custom IaC automation — best if you prefer integrating to your existing IaC

1. Manual onboarding

Follow step-by-step guides to configure AWS and Fusion and onboard each VPC.

Best for

Organizations with a small number of VPCs that rarely change, or for an initial PoC.

Next steps

2. Vectra Cloud Onboarding Automation for AWS Organizations

For detailed documentation, see Vectra Terraform / CloudFormation StackSet Cloud Onboarding Automation for AWS Organizations.

robot

Using Terraform to automate onboarding

Access Vectra's Terraform automation at https://github.com/netography/neto-onboarding.

For access to the repo, reach out to your Vectra contact with your GitHub ID or request the latest release package.

Vectra provides the neto-onboarding Terraform project for AWS Organizations, Azure Tenants, and GCP Organizations.

This automation can:

  • Enable and configure AWS VPC flow logs, Azure VNet flow logs, and GCP VPC flow logs based on policy and tags

  • Deploy the infrastructure required to integrate with Fusion across multiple accounts, subscriptions, or projects

  • Adds VPCs/VNets configured for flow logging to Vectra Fusion as traffic sources.

  • Deploy a single AWS Lambda, Azure Function, or Google Cloud Function for context enrichment across all in-scope environments

  • Monitor for VPC and VNet changes, onboard new in-scope networks, and offboard networks that leave scope

Best for

Organizations that want a complete, supported, end-to-end solution for managing flow log configuration and onboarding to Fusion. This is usually the fastest path for large, dynamic, or multi-cloud environments.

Next steps

  • Reach out to your Vectra contact and request access to the GitHub repo.

  • Include your GitHub ID, or request the latest release package.

3. Custom IaC automation

Use your existing automation pipelines or scripts to:

  • Deploy the IAM policy and custom role needed for Vectra to read flow logs from S3 buckets

  • Configure VPC Flow Logs on each VPC to write to S3

  • Call the Fusion API to create a Fusion traffic source for each VPC, or for each account and region when using a centralized S3 destination

Best for

Organizations experienced with AWS IaC that already provision VPCs or VPC flow log configurations through automation and want to extend that workflow to Fusion.

Next steps

PreviousFusion Onboarding for Cloud EngineersNextAWS Custom IAC Onboarding for Cloud Automation Engineers

Last updated