Setting up multiple AWS credentials for multiple regions - BlueCat Integrity - 26.1.0

Address Manager Administration Guide


Cloud Discovery & Visibility (CDV) must be authorized with the Amazon Web Services (AWS) infrastructure in order to run discovery or visibility. Instead of entering details for a single AWS account, you can configure multiple AWS credentials (or Role ARNs) for different regions, or even for the same region. When doing so, you must specify these credentials in the Credentials settings when configuring the discovery, either when first creating it or when updating an existing discovery schedule or visibility manager.

In order to apply multiple AWS credentials, you must first prepare a text file with credential information for each region. Each line in the file defines a single set of credentials, listing the region to which the credentials apply, the access key, the secret key, and (optionally) the ARN role that CDV should use when using those specific credentials.

  • For more details on setting up and importing this credentials file, see AWS multiple credentials file format below.

  • Multiple credentials set up in the Credentials tab when creating a new Discovery apply to different regions. If you want to perform discovery with multiple credentials that apply to different accounts, you can do so with Organization-level discovery (that is, discovery that's performed on all accounts in an Organization). For more details, see Setting up a single AWS user account for Cloud Discovery & Visibility.

To specify multiple credentials that apply to different regions, while configuring the credentials for a job's settings, at the top of the Credentials settings select Multiple credentials. Then, drag your multiple credentials file onto the Multiple credentials file box to apply it to CDV. Or, click within the area, then navigate to and select the desired file.

Tip: To edit AWS Credentials settings for an existing Discovery or Visibility, select the manager's checkmark within the Discovery or Visibility tab, click Action, and then select Update credentials.

AWS multiple credentials file format

In order to use multiple accounts with CDV on an AWS infrastructure, you must first prepare a text file with credential information for each region. Each line in the file should contain a single set of credential details that specify the region, access key, secret key, and (optionally) the ARN role that CDV should assume.

If you are using AWS user accounts, each line can use one of the following formats:

<Region>, <AWS_access_key>, <AWS_secret_key>
<Region>, <AWS_access_key>, <AWS_secret_key>, <Role_ARN_assumption>

Where:

  • Region: The region to which this line's credentials apply, such as us-west-2.

  • AWS_access_key: The AWS access key ID for your environment.

  • AWS_secret_key: The AWS secret access key that is associated with the specified AWS access key.

  • Role_ARN_assumption: The ARN of the AWS role that CDV should assume.

If Cloud Discovery & Visibility is deployed on an EC2 instance and you want to apply different AWS credentials for different regions, each line can instead use one of the following formats:

<Region>, , , <Role_ARN_assumption>
<Region>

Where:

  • Region: The region to which this line's credentials apply, such as us-west-2.

  • Role_ARN_assumption: The ARN of the AWS role that CDV should assume.

Note: CDV will automatically use the credentials from the EC2 instance for each region. If you define an AWS_access_key and/or AWS_secret_key when CDV is deployed to an EC2 instance, those values are ignored.
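A pre-import check for the file formats described above, as an added example that is not BlueCat code. The function names, the region and role-ARN patterns, the trimming of whitespace around fields, the skipping of blank lines, and the advice to remove ignored keys are assumptions of this example, not documented CDV behavior.

```python
import re

# Assumed shapes (not taken from CDV): an AWS region name and an IAM role ARN.
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

def check_line(line, on_ec2=False):
    """Classify one credentials-file line; return (kind, problems)."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) > 4:
        return "invalid", ["more than 4 fields"]
    region, access, secret, role = fields + [""] * (4 - len(fields))
    problems = []
    if not REGION_RE.match(region):
        problems.append("region does not look like an AWS region name")
    if role and not ROLE_ARN_RE.match(role):
        problems.append("fourth field does not look like an IAM role ARN")
    if on_ec2:
        # Per the note above, keys are ignored on EC2; flag them so long-lived
        # secrets are not left in a file that does not need them.
        if access or secret:
            problems.append("keys are ignored when CDV runs on EC2; remove them")
        kind = "ec2+role" if role else "ec2"
    else:
        if not (access and secret):
            problems.append("user-account format needs access key and secret key")
        kind = "keys+role" if role else "keys"
    return kind, problems

def check_file(text, on_ec2=False):
    """Return [(line_no, region, kind, problems)]; key material is never echoed."""
    report = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip():  # assumption: blank lines are skipped
            kind, problems = check_line(line, on_ec2)
            report.append((no, line.split(",")[0].strip(), kind, problems))
    return report

# Constructed sample: AWS's documentation example key pair, placeholder account ID.
SAMPLE = """\
us-west-2, AKIAIOSFODNN7EXAMPLE, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
eu-west-1, AKIAIOSFODNN7EXAMPLE, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY, arn:aws:iam::123456789012:role/ExampleRole
us-east-1, AKIAIOSFODNN7EXAMPLE
ap-southeast-2, , , arn:aws:iam::123456789012:role/ExampleRole
"""

if __name__ == "__main__":
    for entry in check_file(SAMPLE):
        print(entry)
```

Pass on_ec2=True when the file is meant for a CDV deployment on an EC2 instance; the same sample then flags every line that still carries keys.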

Importing the multiple credentials file into CDV

A multiple credentials file can be imported and used only when creating a new AWS discovery.

  1. Create the multiple credentials file.
  2. Go to the Discovery tab and click Create discovery.
  3. Select Amazon Web Services and click Next.
  4. In the Credentials tab, select the Multiple credentials option.
  5. Do one of the following:
    • Drag and drop the multiple credentials text file into the Multiple credentials file area.

    • Or, click the Multiple credentials file area to browse and select the file manually.