Setting up a single AWS user account for Cloud Discovery & Visibility - BlueCat Integrity

Setting up a single AWS user account for Cloud Discovery & Visibility - BlueCat Integrity - 26.1.0

Address Manager Administration Guide

ft:locale

en-US

Product name

BlueCat Integrity

Version

26.1.0

In order to run discovery or visibility on an AWS infrastructure, Cloud Discovery & Visibility (CDV) must be authorized with that infrastructure. If you use a single AWS user account to run discovery or visibility, you must specify it in the Credentials settings when configuring it, either when it was first created or when updating an existing discovery schedule or visibility manager.

Tip:

If you want to instead specify multiple authorization credentials to be used in different regions, you must set up a Credentials file and import it into CDV within the job's Credentials settings. For more details, see Setting up multiple AWS credentials for multiple regions.
If you want to instead perform discovery or visibility on multiple accounts within the same AWS Organization, see Setting up and running AWS Organization-level discovery and visibility.

To configure CDV to use a single AWS user account during discovery:

In CDV, click the Discovery or Visibility tab (if the page you want isn't already open).
Within the list, tick the checkboxes for the managers whose jobs that you want to edit. Then, at the top of the table, click Actions, then Update credentials.

For more details on finding and filtering the list of jobs, see Searching, filtering, and viewing items in tables.

Tip: Credentials settings are also available (along with other settings) when creating a new Discovery or Visibility. Click the Credentials tab if doing so.
If the Use EC2 instance credentials checkbox appears and is selected, click to clear it. (This setting appears only if CDV is deployed on EC2 instances in AWS environments.)
In the Basic AWS parameters section, enter your AWS credentials:
- AWS Access key ID: Enter the AWS access key ID for your environment.
- AWS Secret Access Key: Enter the AWS secret access key associated with the entered AWS secret key ID.
In the Advanced AWS parameters section, enter the following:
- Enable AWS Role Assumption: Tick this checkbox to use AWS Assume Role providers.
  
  When using Role Assumption, CDV will remain signed in as the user defined by its Access Key and Secret Access Key, but will temporarily assume the role of a different account so that it can perform discovery on that account. While assuming a role, CDV gains all permissions assigned to that role.
  
  Important: After ticking Enable AWS Role Assumption, make sure you enter the Amazon Resource Name (ARN) for the role that CDV is to assume in the AWS Role ARN field.
For more details on these fields, see the AWS job configuration: Credentials.