Introduction to Cloud Discovery & Visibility AWS - Adaptive Applications - BlueCat Gateway - 21.1

Cloud Discovery & Visibility AWS Administration Guide

Locale: English (United States)
Product name: BlueCat Gateway
Version: 21.1

BlueCat Adaptive Applications are licensed, out-of-the-box applications that provide you with advanced DDI functionality with minimal configuration. Adaptive Applications extend the functionality of the BlueCat core Adaptive DNS platform, DNS Integrity, in specific areas to drive increased customer value and competitive differentiation.

The BlueCat Cloud Discovery & Visibility AWS Adaptive Application introduces a method to retrieve data from the AWS Cloud and import the discovered objects into Address Manager. This provides continuous, real-time visibility into the changes to your AWS infrastructure.
Note: The BlueCat Cloud Discovery & Visibility AWS Adaptive Application only provides visibility into your AWS infrastructure. You cannot use the BlueCat Cloud Discovery & Visibility AWS Adaptive Application to import Address Manager data into your AWS infrastructure.
The application imports the following information:
  • AWS Private VPCs/Subnets
  • AWS Public IP Ranges
  • AWS EC2 Instances
  • AWS DNS Hostnames (Internal)
  • AWS DNS Hostnames (External)
  • AWS Elastic Load Balancers v2 (ELBv2)
  • AWS Route 53 (Private DNS)
  • AWS Route 53 (Public DNS)

Requirements

Before you install the Cloud Discovery & Visibility AWS Adaptive Application, ensure that the following requirements are met:
  • You must be running Address Manager v9.1.0 or greater
  • You must have an AWS account, used to retrieve the AWS data, with the following permissions set:
    • AmazonVPCReadOnlyAccess
    • AmazonEC2ReadOnlyAccess
    • ElasticLoadBalancingReadOnly
    • AmazonRoute53ReadOnlyAccess
    • CloudWatchFullAccess
    • CloudWatchEventsFullAccess
    • AmazonSQSFullAccess
    • AmazonSNSFullAccess
    • IAMReadOnlyAccess
    • Active AWS Security Token Service (STS) for Global or the region that is in use.
    For more information on setting permissions and configuring policies, refer to 'Managing IAM Policies' in the AWS Identity and Access Management User Guide.
    Attention: The following AWS Control Tower settings must not be enabled:
    • Disallow changes to Amazon SNS set up by AWS Control Tower
    • Disallow changes to Amazon SNS subscriptions set up by AWS Control Tower
Note: The AWS account is configured in the Adaptive Application setup and is used to continuously monitor and retrieve changes from your AWS infrastructure. You do not need to be logged into the AWS workflow for visibility to occur.
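A pre-install check of the permission list above, as an added example that is not part of the BlueCat documentation: it compares the JSON printed by `aws iam list-attached-user-policies` and `aws iam list-attached-group-policies` with the required managed policies, and treats a customer-managed policy that merely reuses a required name as not satisfying the requirement. The function name, the sample output and the account ID are assumptions constructed for illustration; the STS and Control Tower requirements are not checked.

```python
import json
import re

# Managed policy names exactly as listed in the requirements above.
REQUIRED = [
    "AmazonVPCReadOnlyAccess", "AmazonEC2ReadOnlyAccess",
    "ElasticLoadBalancingReadOnly", "AmazonRoute53ReadOnlyAccess",
    "CloudWatchFullAccess", "CloudWatchEventsFullAccess",
    "AmazonSQSFullAccess", "AmazonSNSFullAccess", "IAMReadOnlyAccess",
]
# AWS-managed policies live in the "aws" account of any partition.
AWS_MANAGED = re.compile(r"^arn:aws[a-z-]*:iam::aws:policy/")


def audit_attached_policies(*cli_outputs):
    """Compare `aws iam list-attached-*-policies` JSON with REQUIRED."""
    managed, lookalikes = set(), set()
    for raw in cli_outputs:
        for pol in json.loads(raw).get("AttachedPolicies", []):
            name, arn = pol["PolicyName"], pol["PolicyArn"]
            if AWS_MANAGED.match(arn):
                managed.add(name)
            elif name in REQUIRED:
                # Customer-managed policy reusing a required name: its
                # contents are unknown, so it does not satisfy the list.
                lookalikes.add(name)
    return {
        "missing": [n for n in REQUIRED if n not in managed],
        "lookalikes": sorted(lookalikes),
        "write_capable": [n for n in REQUIRED
                          if n in managed and n.endswith("FullAccess")],
        "not_required": sorted(managed - set(REQUIRED)),
    }


# Constructed sample output (account ID 111122223333 is a placeholder).
def _doc(*arns):
    return json.dumps({"AttachedPolicies": [
        {"PolicyName": a.rsplit("/", 1)[1], "PolicyArn": a} for a in arns]})

AWS = "arn:aws:iam::aws:policy/"
USER_POLICIES = _doc(*(AWS + n for n in REQUIRED[:7]), AWS + "AmazonS3FullAccess")
GROUP_POLICIES = _doc("arn:aws:iam::111122223333:policy/AmazonSNSFullAccess")

if __name__ == "__main__":
    for key, names in audit_attached_policies(USER_POLICIES, GROUP_POLICIES).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

The `write_capable` list names the attached policies that grant more than read access, which is the set worth recording when this account is reviewed.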