QUESTION

I am looking into setting up cloud account monitoring for AWS. What is the PantherCloudFormationStackSetExecutionRole and do I need to set up this IAM role with my other Panther resources to monitor my AWS account?

ANSWER

You do not need to include this role when setting up your Panther resources if you're using CloudTrail to monitor your account or if you do not wish to set up real-time scanning.

The PantherCloudFormationStackSetExecutionRole is an IAM role that Panther provides in its panther-auxiliary repository as a CloudFormation template, which you can use when onboarding your AWS accounts for real-time account scanning. This role is used only for setting up real-time scanning with CloudWatch Events; most customers tend to favor CloudTrail for monitoring their accounts in real time.