

# Implementation
<a name="implementation"></a>

To implement an AWS Security Platform as a Service (PaaS) that provides a unified security operations console, complete the following tasks.

## Tasks
<a name="tasks"></a>

### Task 1: Deploy the core AWS security platform
<a name="task-1-deploy-core-aws-security-platform"></a>

Deploy the Security Lake integration framework:
+ **Primary configuration**: See the [config.example.yaml](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/security-lake/cdk/config.example.yaml) file in the sample-aws-security-lake-integrations repository on GitHub.
+ **Deployment scripts**: See the [deployment scripts](https://github.com/aws-samples/sample-aws-security-lake-integrations/tree/main/integrations/security-lake/cdk) in the sample-aws-security-lake-integrations repository on GitHub.

### Task 2: Configure multi-cloud integrations
<a name="task-2-configure-multi-cloud-integrations"></a>

Configure the Azure integration using deployment templates:
+ **Azure infrastructure**: See the [deployment templates](https://github.com/aws-samples/sample-aws-security-lake-integrations/integrations/azure/microsoft_defender_cloud/terraform/) in the sample-aws-security-lake-integrations repository on GitHub. 
+ **Azure configuration**: See the [terraform.tfvars](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/azure/microsoft_defender_cloud/terraform/terraform.tfvars.example) file in the sample-aws-security-lake-integrations repository on GitHub.

Configure the GCP integration using deployment templates:
+ **GCP infrastructure**: See the [deployment templates](https://github.com/aws-samples/sample-aws-security-lake-integrations/tree/main/integrations/google_security_command_center/terraform) in the sample-aws-security-lake-integrations repository on GitHub.
+ **GCP configuration**: See the [terraform.tfvars](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/google_security_command_center/terraform/terraform.tfvars.example) in the sample-aws-security-lake-integrations repository on GitHub. 

### Task 3: Establish cross-cloud connectivity
<a name="task-3-establish-cross-cloud-connectivity"></a>

Configure cross-cloud credentials using automation scripts:
+ **Azure credential configuration**: See the [configure-secrets-manager.sh](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/azure/microsoft_defender_cloud/scripts/configure-secrets-manager.sh) file in the sample-aws-security-lake-integrations repository on GitHub.
+ **GCP credential configuration**: See the [configure-secrets-manager.sh](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/google_security_command_center/scripts/configure-secrets-manager.sh) file in the sample-aws-security-lake-integrations repository on GitHub.

### Task 4: Validate the unified console
<a name="task-4-validate-unified-console"></a>

Access the Amazon OpenSearch Service Security Analytics Dashboard to verify multi-cloud data ingestion and unified console functionality.
+ **Validation procedures**: See the [validation queries and procedures](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/security-lake/docs/CONFIG_SCHEMA.md) in the sample-aws-security-lake-integrations repository on GitHub.

### Task 5: Clean up resources
<a name="task-5-clean-up"></a>

To remove all deployed resources, start with the core AWS platform stack:

```
cd integrations/security-lake/cdk
cdk destroy -c "configFile=config.example.yaml"
```

**Azure resource cleanup**: Navigate to your Azure Terraform configuration and run the following:

```
cd integrations/azure/microsoft_defender_cloud/terraform
# Preview what will be destroyed
terraform plan -destroy
```

After confirming what will be destroyed, run the following:

```
# Destroy all resources
terraform destroy
```

**GCP resource cleanup**: Navigate to your GCP Terraform configuration and run the following:

```
cd integrations/google_security_command_center/terraform
# Preview what will be destroyed
terraform plan -destroy
```

After confirming what will be destroyed, run the following:

```
# Destroy all resources
terraform destroy
```
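
The confirmation step in the Azure and GCP cleanup can be made checkable by saving the destroy plan (`terraform plan -destroy -out=destroy.tfplan`), exporting it with `terraform show -json destroy.tfplan`, and applying that same file with `terraform apply destroy.tfplan`. The following is an added example, not part of the sample repository, that reviews such an export; the plan file name, the `review_destroy_plan` helper, the sample resource addresses, and the expected provider prefixes are assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json destroy.tfplan` output.
# Addresses and types are illustrative, not taken from the sample repository.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_eventhub.findings", "type": "azurerm_eventhub",
     "change": {"actions": ["delete"]}},
    {"address": "azurerm_storage_account.checkpoint",
     "type": "azurerm_storage_account", "change": {"actions": ["delete"]}},
    {"address": "data.azurerm_client_config.current",
     "type": "azurerm_client_config", "change": {"actions": ["no-op"]}},
    {"address": "google_pubsub_topic.stray", "type": "google_pubsub_topic",
     "change": {"actions": ["delete"]}},
    {"address": "azurerm_role_assignment.reader",
     "type": "azurerm_role_assignment",
     "change": {"actions": ["delete", "create"]}},
]})


def review_destroy_plan(plan_json, expected_prefixes):
    """Split a saved plan into resources safe to delete and findings to review.

    expected_prefixes: resource-type prefixes this working directory is
    expected to own (an assumption supplied by the operator).
    """
    to_delete, unexpected = [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        address, actions = rc["address"], rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing is changed for this entry
        if actions != ["delete"]:
            # A create, update or replace means this is not a pure destroy plan.
            unexpected.append((address, "non-delete action: " + "/".join(actions)))
        elif not rc["type"].startswith(tuple(expected_prefixes)):
            unexpected.append((address, "resource type outside expected providers"))
        else:
            to_delete.append(address)
    return to_delete, unexpected


if __name__ == "__main__":
    deletes, findings = review_destroy_plan(SAMPLE_PLAN, ["azurerm_"])
    print("Will be destroyed:", *deletes, sep="\n  ")
    for address, reason in findings:
        print(f"REVIEW {address}: {reason}")
    # Apply the reviewed file itself (terraform apply destroy.tfplan) only
    # when findings is empty.
```

Applying the saved plan file ensures that what is destroyed is exactly what was reviewed, whereas a separate `terraform destroy` computes a fresh plan at run time.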

## Supporting documentation URLs
<a name="supporting-documentation-urls"></a>

### AWS security platform documentation
<a name="aws-security-platform-documentation"></a>
+ **Amazon OpenSearch Service**: [https://docs.aws.amazon.com/opensearch-service/](https://docs.aws.amazon.com/opensearch-service/)
+ **Amazon Security Lake**: [https://docs.aws.amazon.com/security-lake/](https://docs.aws.amazon.com/security-lake/)
+ **Amazon GuardDuty**: [https://docs.aws.amazon.com/guardduty/](https://docs.aws.amazon.com/guardduty/)
+ **Amazon Inspector**: [https://docs.aws.amazon.com/inspector/](https://docs.aws.amazon.com/inspector/)
+ **AWS Systems Manager**: [https://docs.aws.amazon.com/systems-manager/](https://docs.aws.amazon.com/systems-manager/)

### Multi-cloud integration documentation
<a name="multi-cloud-integration-documentation"></a>
+ **Security Lake multi-cloud integration**: [https://docs.aws.amazon.com/security-lake/latest/userguide/custom-sources.html](https://docs.aws.amazon.com/security-lake/latest/userguide/custom-sources.html)
+ **Systems Manager hybrid activations**: [https://docs.aws.amazon.com/systems-manager/latest/userguide/activations.html](https://docs.aws.amazon.com/systems-manager/latest/userguide/activations.html)
+ **OpenSearch Security Analytics plug-in**: [https://docs.aws.amazon.com/opensearch-service/latest/developerguide/security-analytics.html](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/security-analytics.html)

### Implementation guides
<a name="implementation-guides"></a>
+ **Azure integration guide**: Available in the project repository at [https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/azure/microsoft_defender_cloud/README.md](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/azure/microsoft_defender_cloud/README.md)
+ **GCP integration guide**: Available in the project repository at [https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/google_security_command_center/README.md](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/google_security_command_center/README.md)
+ **Security Lake framework**: Available in the project repository at [https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/security-lake/cdk/README.md](https://github.com/aws-samples/sample-aws-security-lake-integrations/blob/main/integrations/security-lake/cdk/README.md)

## Conclusion
<a name="conclusion"></a>

In this tutorial, we built and demonstrated a comprehensive Security Platform as a Service (PaaS) that delivers the required native, multifunction security operations console:

1. **Native multi-cloud CSPM**: Provides built-in connectors for Azure Security Center and GCP Security Command Center with a unified OpenSearch dashboard.

1. **Native multi-cloud SIEM**: Provides built-in connectors for Azure and GCP log sources with a unified Security Analytics console.

1. **Native multi-cloud CWPP**: Provides built-in connectors for Azure and GCP workload protection with unified threat detection, vulnerability management, and runtime protection.

![Cloud security dashboard showing workload metrics, severity distributions, and vulnerability analysis across Azure and AWS resources.](http://docs.aws.amazon.com/hands-on/latest/aws-security-platform-as-a-service/images/security-patform-as-a-service-dashboard.png)
