AWS Securlet Prerequisites details

Article ID: 170973

Updated On:

Products

CASB Security Standard, CASB Security Premium, CASB Security Advanced, CASB Audit, CASB Gateway, CASB Gateway Advanced

Issue/Introduction

This article describes the AWS Securlet prerequisites.

Before you begin, decide whether to activate a single AWS account or multiple AWS accounts at once. If you have a single AWS account, proceed with the 'single-account' method. If you have multiple AWS tenants under a Control Tower / AWS Organizations, you can either activate only the tenants you want, one at a time, through the 'Single' activation dialogue, or use the 'Multiple' (at once) approach, which assumes that all tenants within the Control Tower will be activated under the AWS Securlet.

Resolution

Elastica CloudSOC Prerequisites for the AWS Securlet

AWS Securlet single-account prerequisites:

Meet the following prerequisites to enable the AWS Securlet on your CloudSOC account:
•  Administrative privileges for the CloudSOC tenant.
•  Permissions required to run the CloudFormation Template (CFT) in single account mode.
•  Confirmation that your current usage tier is adequate for the CloudSOC integration, as described in Monitor the status of your volumes.

AWS Securlet multi-account prerequisites:

•  AWS Management Account: Your AWS implementation must have a Control Tower to orchestrate the multiple AWS accounts in your IaaS estate.

Every Control Tower implementation has a corresponding management account, which allows for the efficient management of its child accounts. These accounts can be onboarded in CloudSOC using a single CloudFormation Template (CFT). If you have existing accounts and organizational units that were created outside of Control Tower, you can bring them into AWS Control Tower governance. For more information on AWS Control Tower, refer to the original AWS documentation at What Is AWS Control Tower?.

If you have multiple accounts without the AWS Control Tower or AWS OU, the accounts are treated as a single account and you need to onboard them in CloudSOC one-by-one using the CloudFormation Template (CFT).

•  The required guardrail policy is added.
•  You have enabled trusted access with all AWS organizations.
•  All child accounts must have the required permissions and lambdaExecutionRole.
•  CloudSOC API Key: Create a CloudSOC API key and make a note of the Key ID, Key Secret, and Tenant.

Additional Information