AWS Credentials - Adaptive Applications - BlueCat Gateway - 21.1

Cloud Discovery & Visibility AWS Administration Guide

Locale
English (United States)
Product name
BlueCat Gateway
Version
21.1

The following section configures the credentials to access your AWS infrastructure.

Before you proceed to configure the workflow, you must have the AWS access key ID and secret access key to access your AWS infrastructure. This can be retrieved from the My Security Credentials page in the account page on AWS. If you have forgotten your secret access key, you can create a new access key set and mark the old key set as inactive.

If your account requires a multi-factor authentication Amazon Resource Names (ARN) token or role assumption ARN, retrieve those values for your AWS environment.
Attention: If you have multiple AWS accounts or AWS Role ARNs, you can automate discovery using the BlueCat Cloud Discovery & Visibility REST API. For more information, refer to REST API endpoints.

Visibility reuses configured credentials to authenticate with AWS to retrieve changes to resources. If your account requires multi-factor authentication, BlueCat recommends configuring a service account that can continually authenticate with AWS without user verification.



Under AWS Credentials, enter your AWS credentials:
  • AWS ACCESS KEY ID—enter the AWS access key ID for your environment.
  • AWS SECRET ACCESS KEY—enter the AWS secret access key associated to the AWS secret key ID entered.
  • Enable AWS Multifactor Authentication—select this checkbox to enable AWS multi-factor authentication.
    • AWS MFA TOKEN ARN—enter the AWS multi-factor authentication token ARN. The AWS multi-factor authentication token ARN must be in the following format: arn:aws:iam::<account_number>:mfa/<account_id>
      An example AWS multi-factor authentication token ARN might look as follows:
      arn:aws:iam::123456789012:mfa/exampleUser
  • Enable AWS Role Assumption—select this checkbox to enable AWS role assumption.
    • AWS ROLE ARN—enter the AWS role assumption ARN. The AWS role ARN must be in the following format: arn:aws:iam::<account_role_number>:role/<role_name>
      An example AWS role ARN might look as follows:
      arn:aws:iam::987654321098:role/developerRole