AWS job settings: Account Filter options - BlueCat Integrity

AWS job settings: Account Filter options - BlueCat Integrity - 26.1.0

Address Manager Administration Guide

ft:locale

en-US

Product name

BlueCat Integrity

Version

26.1.0

While editing an Amazon Web Services (AWS) Discovery or Visibility, AWS Account Filter settings let you configure Organization-level discoveries on an AWS platform. You can run these discoveries on all accounts in an Organization, as long as all AWS infrastructure nodes are under the same Organization. The Account filters specify which accounts should be included.

For more details on setting up AWS infrastructure, roles, and permissions to allow for Organization-level Discovery, see Setting up and running AWS Organization-level discovery and visibility.
For more details on setting up and running an Organization-level Discovery job in Cloud Discovery & Visibility (CDV), see Running AWS Organization-level discovery and visibility.

Account tags are metadata information that are added to an account by a system administrator. Account tags are completely customizable, with a user-defiend key name and value, and are typically specific to the needs of a network's owner and administrator.

You can configure Account Filter settings when updating the credentials of a Discovery or Visibility manager, or when creating a new Discovery or Visibility.

Note: You will see Account Filter settings only if Discovery for Organizations is ticked in the Credentials settings under Advanced AWS parameters. (You might need to scroll down.)

Tip: To edit AWS Account Filter settings for an existing Discovery schedule or Visibility manager, select the manager's checkbox from the table in the Discovery or Visibility tab, click Action, and then select Update account filter.

AWS Account Filter settings

Fields in this section let you apply various filters to the accounts on which Discovery will be run. CDV includes an account in discovery only if it satisfies all filters for which a value or setting is specified.

Field/Option	Description
Select all organizational units	If ticked, CDV will run discovery on all current organization units (OUs) as well as future units that match the specified account name filters.
AWS Account organizational units	(Configurable only if Select all organization units is cleared.) Click in the AWS account organizational unit field, then select checkboxes for the OUs on whose accounts you want to run discovery. If a desired OU doesn't appear, you can refresh the list by clicking the Fetch Organizational units from cloud for filtering button. Depending on the complexity of your AWS infrastructure, refreshing the list can take several minutes. Note: Organizational Unit (OU) selections do not cascade. If you include an Organizational Unit (OU) in your selection, only accounts directly within that OU will be included in discovery. If that OU contains additional OUs, accounts in those additional OUs will not be included. (To include those child OUs, make sure you also select their checkboxes in the list.)
Show account name filter and account tags	If checked, the Discovery will include only accounts with a specific name or pattern, and that satisfy certain Account Tag specifications. Ticking this checkbox displays additional fields in the AWS Account Filter section.
AWS account name filter	(Available only if Show account name filter and accounts tags is ticked.) The account name filter to apply to accounts in the Organization. If Show account name filter and account tags is checked, Discovery will include only accounts whose name fits this pattern. Within the name filter, you can use `` as a wildcard character. For example, a name filter of `marketing` would include accounts named `marketing-admin`, `marketing-web`, and `marketingcustplan`. You can use `*` wildcards in any spot in the name filter (not just at the beginning or end). If you leave this filter blank, CDV ignores the account name when choosing accounts to include..
Include tags Tag name Tag value	(Available only if Show account name filter and accounts tags is ticked.) If Include Tags is checked, the Discovery will include only accounts that have at least one of a specified set of AWS Tags with specified values. To include accounts with a specific Tag name and value: In Tag Name, enter the AWS Tag name. In Tag Value, enter the values that the Tag name should have in order to be included in Discovery. To enter multiple values, separate them with commas. Note: You cannot specify the same Tag and Value in both the Include list and Exclude list. Click Add. You cannot enter multiple Tag-Value pairs with the same Tag name. Tag names and values can use only alphanumeric characters. If you enter a Tag Name but leave the value blank, the filter will include accounts that have an empty value for that tag. (To include an empty value in a list of multiple tag values, use an empty space between commas: `value1,,value2`) Tags and values included in Discovery are listed below the Tag name and Tag value fields. To remove a tag from the list, click the remove button (X) next to it. If you do not enter any tags, CDV ignores account tags when choosing accounts to include.
Exclude tags Tag name Tag value	(Available only if Show account name filter and accounts tags is ticked.) If Exclude tags is checked, the Discovery operation will exclude accounts that have at least one of a specified set of AWS Tags with specified values. Discovery will not be run on excluded accounts. An account that has an AWS Tag from the Exclude list (with a specified value) will always be excluded. This will override any other inclusion criteria. Note: You cannot specify the same Tag and Value in both the Include list and Exclude list. If an account has multiple Tag-Value pairs where some are in the "Include" list and some in the "Exclude" list, all the Tag-Value pairs will be excluded. To exclude accounts with a specific AWS Tag and value (these fields appear only when Exclude tags is checked): In Tag name, enter the AWS Tag name. In Tag value, enter the values that the Tag name should have in order to be excluded from Discovery. To enter multiple values, separate them with commas. Click Add. You cannot enter multiple Tag-Value pairs with the same Tag name. Tag names and values can use only alphanumeric characters. If you enter a Tag Name but leave the value blank, the filter will exclude accounts that have an empty value for that tag. (To include an empty value in a list of multiple tag values, use an empty space between commas: `value1,,value2`) Tags and values that you exclude from Discovery are listed below the Tag name and Tag value fields. To remove a tag from the list, click the remove button (X) next to it.