Setup Multicloud Connectors
Implementation Effort: Medium
Customer IT and Security Operations teams must onboard AWS and GCP environments using connectors, which involves configuration and validation steps.
User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.
Overview
Setting up multicloud connectors in Microsoft Defender for Databases is essential for extending threat protection and security posture management to SQL workloads hosted in AWS and GCP. These connectors allow Microsoft Defender for Cloud to ingest metadata, assess configurations, and apply Defender plans to non-Azure environments.
Key Steps
-
AWS Connector Setup
- Use the Azure portal or automate via REST API and AWS CloudFormation templates.
- Grant required IAM roles and permissions to allow Defender for Cloud to access AWS resources.
-
GCP Connector Setup
- Use the Azure portal or automate via REST API and Google Cloud Shell scripts.
- Assign the necessary roles to the GCP service account and enable required APIs.
-
Automation Option
- You can automate connector deployment using the Defender for Cloud REST API.
- Download the appropriate deployment script (CloudFormation for AWS, Shell script for GCP) from the Azure portal 1.
-
Validation
- After setup, validate that the connectors are active and that resources are being discovered in the Defender for Cloud dashboard.
This setup supports the Zero Trust principle of "Assume Breach" by ensuring visibility and protection across all cloud environments. Without these connectors, SQL workloads in AWS and GCP remain outside the Defender for Cloud security perimeter, increasing the risk of undetected threats.