AWS job settings: Configuration Options - BlueCat Integrity

AWS job settings: Configuration Options - BlueCat Integrity - 26.1.0

Address Manager Administration Guide

ft:locale

en-US

Product name

BlueCat Integrity

Version

26.1.0

While editing an Amazon Web Services (AWS) Discovery or Visibility, AWS Configuration Options settings let you specify how Cloud Discovery & Visibility (CDV) creates BlueCat Address Manager Configurations when importing discovered AWS infrastructure resources.

Important: Configuration options are available only when creating a new Discovery. You cannot update them later.

Attention: If you update the name of a BlueCat Configuration or View in Address Manager after you enable Discovery and Visibility, CDV will no longer import AWS infrastructure changes into Address Manager.

You can select from three Configuration modes for Configuration creation conventions:

Default: CDV creates separate Address Manager configurations for each region.

General configurations will be named:
```
<AWS account name>/<Region name>
```
Overlap configurations will be named:
```
<AWS account name>/<Region name>/<VPC ID overlap>
```
or
```
<AWS account name>/<Region name>/<VPC ID overlap>/<VPC name overlap>
```
If you enable discovery of internal Kubernetes resources in EKS Clusters, CDV creates a Configuration for each cluster with the following name:
```
<AWS account name>/<Region name>/<VPC ID>/<Cluster name>
```
Custom: CDV creates separate Address Manager configurations for each region. Configuration names will incorporate a custom name that you enter in the BlueCat Configuration field.

General configurations will be named:
```
<Custom BlueCat Configuration name>/<AWS account name>/<Region name>
```
Overlap configurations will be named:
```
<Custom BlueCat Configuration name>/<AWS account name>/<Region name>/<VPC ID overlap>
```
or
```
<Custom BlueCat Configuration name>/<AWS account name>/<Region name>/<VPC ID overlap>/<VPC name overlap>
```
If you enable discovery of internal Kubernetes resources in EKS Clusters, CDV creates a Configuration for each cluster with the following name:
```
<Custom BlueCat Configuration name>/<AWS account name>/<Region name>/<VPC ID>/<Cluster name>
```
Combined: CDV combines resource information from all resource groups into a single Address Manager configuration, with the custom name that you enter in the BlueCat Configuration field:

General configurations will be named:
```
<BlueCat Configuration name>
```
Overlap configurations will be named:
```
<Custom BlueCat Configuration name>/<AWS account name>/<Region name>/<VPC ID overlap>
```
or
```
<Custom BlueCat Configuration name>/<AWS account name>/<Region name>/<VPC ID overlap>/<VPC name overlap>
```
If you enable discovery of internal Kubernetes resources in EKS Clusters, CDV creates a Configuration for each cluster with the same name as when using the Custom option:
```
<Custom BlueCat Configuration name>/<AWS account name>/<Region name>/<VPC ID>/<Cluster name>
```

Tip: If you instead want Address Manager Configuration names to put the Region before the AWS Account Name (as in

<Region name>/<AWS account
                    name>

), tick the Region name before account configuration format option under Address Manager Configuration Mode settings.

AWS Configuration Options settings

The Configuration options settings for GCP infrastructures has the following settings.

AWS region settings

Settings in this section let you specify the AWS regions from which you want to import AWS infrastructure information.

Field/Option Description

Field/Option	Description
Select all regions	If ticked, CDV will import information from all available regions
AWS Region	(Editable only if Select all regions is cleared.) The specific AWS regions from which you want to import the AWS infrastructure information, such as `us-east-1`. By default, you can enter and select checkboxes for multiple regions. To add a region, start typing its name, then click it from the popup list that appears. To later remove it from the list of regions, click the X button next to the region's name. CDV will create a separate Discovery job for each selected region. If the AWS Monitoring Options mode is set to Visibility, CDV also creates a visibility job for each region and a Visibility Manager to hold them. For more details about Visibility Managers, see Visibility tab. You cannot select multiple regions if you configured multiple AWS credentials (for different regions or the same region) in the Advanced tab of the AWS Credentials settings. Note: Discovery will not run on regions that are disabled or inactive within the AWS infrastructure, even if you select it in this list. Currently, only AWS regions for US AWS GovCloud and China Cloud regions are supported. Other cloud regions are either not supported at all, or require additional permissions for Discovery to work.

Select all regions

If ticked, CDV will import information from all available regions

AWS Region

(Editable only if Select all regions is cleared.)

The specific AWS regions from which you want to import the AWS infrastructure information, such as us-east-1.

By default, you can enter and select checkboxes for multiple regions. To add a region, start typing its name, then click it from the popup list that appears. To later remove it from the list of regions, click the X button next to the region's name.

CDV will create a separate Discovery job for each selected region. If the AWS Monitoring Options mode is set to Visibility, CDV also creates a visibility job for each region and a Visibility Manager to hold them.

For more details about Visibility Managers, see Visibility tab.

You cannot select multiple regions if you configured multiple AWS credentials (for different regions or the same region) in the Advanced tab of the AWS Credentials settings.

Note:

Discovery will not run on regions that are disabled or inactive within the AWS infrastructure, even if you select it in this list.
Currently, only AWS regions for US AWS GovCloud and China Cloud regions are supported. Other cloud regions are either not supported at all, or require additional permissions for Discovery to work.

Address Manager configuration mode settings

Specifies the format and syntax for Configurations that CDV adds to Address Manager.

Field/Option Description

Field/Option	Description
Region name before account configuration format	If checked, whenever CDV would create a BAM Configuration that includes `/<AWS account name>/<Region name>` (that is, the AWS Account Name followed by the Region), CDV will use `<Region name>/<AWS account name>` instead. This applies to Address Manager Configurations created for all Configuration Modes (Default, Custom, and Combined).
Default, Custom, and Combined	Select the Configuration mode for the Configuration creation convention that you want to use: Default: CDV creates separate Address Manager configurations for each region. Custom: CDV creates separate Address Manager configurations for each region. Configuration names will incorporate a custom name that you enter in the BlueCat Configuration field. Combined: CDV combines resource information from all chosen regions from all selected accounts into a single Address Manager configuration, with the custom name that you enter in the BlueCat Configuration field.
Address Manager configuration	(Disabled if using the Default Configuration mode for Configuration names.) A customized name to use for Address Manager Configurations that will be created in Address Manager to hold information about the AWS infrastructure and its resources. When the Configuration mode is Custom or Combined, this field cannot be empty. Attention: Configuration names cannot contain forward slash characters (`/`). Doing so can cause issues and errors with Discovery and Visibility of cloud resources. Note: When CDV retrieves data that has overlapping IP addresses in the Virtual Networks, CDV creates multiple Configurations in Address Manager depending on the number of VPCs with overlapping IP addresses.

Region name before account configuration format

If checked, whenever CDV would create a BAM Configuration that includes /<AWS account name>/<Region name> (that is, the AWS Account Name followed by the Region), CDV will use <Region name>/<AWS account name> instead.

This applies to Address Manager Configurations created for all Configuration Modes (Default, Custom, and Combined).

Default, Custom, and Combined

Select the Configuration mode for the Configuration creation convention that you want to use:

Default: CDV creates separate Address Manager configurations for each region.
Custom: CDV creates separate Address Manager configurations for each region. Configuration names will incorporate a custom name that you enter in the BlueCat Configuration field.
Combined: CDV combines resource information from all chosen regions from all selected accounts into a single Address Manager configuration, with the custom name that you enter in the BlueCat Configuration field.

Address Manager configuration

(Disabled if using the Default Configuration mode for Configuration names.)

A customized name to use for Address Manager Configurations that will be created in Address Manager to hold information about the AWS infrastructure and its resources. When the Configuration mode is Custom or Combined, this field cannot be empty.

Attention: Configuration names cannot contain forward slash characters (/). Doing so can cause issues and errors with Discovery and Visibility of cloud resources.

Note: When CDV retrieves data that has overlapping IP addresses in the Virtual Networks, CDV creates multiple Configurations in Address Manager depending on the number of VPCs with overlapping IP addresses.

Create overlapping configuration settings

Field/Option	Description
Create overlapping configuration	Tick this checkbox to automatically create additional Address Manager Configurations for networks that overlap with those from different Discovery jobs within the same region. By default, this option is selected. If cleared, CDV will mark all overlapping Configurations and their resources as DROPPED, and they will not be imported into Address Manager. If a conflicting network is resolved in the cloud, resources in overlapping configurations will be imported back into the general BAM Configuration. Note: When performing discovery on Elastic Kubernetes Services (EKSs), resource information about EKSs (and internal Kubernetes resources within an EKS) are always dropped if they are associated with an overlapping network. CAUTION: Regardless of the whether or not this checkbox is selected, overlapping networks will still be dropped under the following circumstances: When two discovery jobs are executed in consecutive order with the same Address Manager Configuration name, and they are discovering VPCs in those two different regions. When this occurs, the Discovery page displays the status of the Schedule manager as Completed. However, when you click the Schedule Manager to see the discovery jobs, the status of the jobs is displayed as Completed with issues, indicating that VPCs have been dropped.
Override configuration	Select this checkbox to automatically override existing Configurations in Address Manager that have the same name. Note: If Scheduled Discovery is selected in the AWS Monitoring Options, this checkbox is automatically selected and cannot be changed.

Field/Option

Description

Create overlapping configuration

Tick this checkbox to automatically create additional Address Manager Configurations for networks that overlap with those from different Discovery jobs within the same region. By default, this option is selected.

If cleared, CDV will mark all overlapping Configurations and their resources as DROPPED, and they will not be imported into Address Manager. If a conflicting network is resolved in the cloud, resources in overlapping configurations will be imported back into the general BAM Configuration.

Note: When performing discovery on Elastic Kubernetes Services (EKSs), resource information about EKSs (and internal Kubernetes resources within an EKS) are always dropped if they are associated with an overlapping network.

CAUTION:

Regardless of the whether or not this checkbox is selected, overlapping networks will still be dropped under the following circumstances: When two discovery jobs are executed in consecutive order with the same Address Manager Configuration name, and they are discovering VPCs in those two different regions. When this occurs, the Discovery page displays the status of the Schedule manager as Completed. However, when you click the Schedule Manager to see the discovery jobs, the status of the jobs is displayed as Completed with issues, indicating that VPCs have been dropped.

Override configuration

Select this checkbox to automatically override existing Configurations in Address Manager that have the same name.

Note: If Scheduled Discovery is selected in the AWS Monitoring Options, this checkbox is automatically selected and cannot be changed.