The Credentials section of the AWS Setup tab contains credentials that Cloud Discovery & Visibility uses to access your AWS infrastructure. Fields in the Advanced tab of the Credentials section let you configure multiple AWS credentials for different regions or the same region.
In order to apply different AWS credentials for different regions, you must first prepare a text file with credential information for each region. Each line in the file defines a single set of credentials, listing the region, access key, and (optionally) the ARN role that CDV should use when using those specific credentials.
For more details on setting up and importing this credentials file, see AWS multiple credentials file format below.
Settings in the Advanced tab let you perform discovery with multiple credentials that apply to different regions. If you want to perform discovery with multiple credentials that apply to different accounts, you can do so with Organization-level discovery jobs (that is, discovery that's performed on all accounts in an Organization). For more details, see Setting up a single AWS user account for Cloud Discovery & Visibility.
Click the Advanced tab to view the additional settings. Fields in the Advanced tab of the Credentials section are as follows:
Field/Option | Description |
---|---|
Multiple Credentials File |
Drag your multiple credentials file onto this area to apply it to CDV. Or, click within the area, then navigate to and select the desired file. . |
AWS multiple credentials file format
In order to use multiple accounts with CDV on an AWS infrastructure, you must first prepare a text file with credential information for each region. Each line in the file should contain a single set of credential details that specify the region, access key, secret key, and (optionally) the ARN role that CDV should assume.
If you are using AWS user accounts, each line can use one of the following formats:
<Region>, <AWS_access_key>, <AWS_secret_key>
<Region>, <AWS_access_key>, <AWS_secret_key>, <Role_ARN_assumption>
Where:
-
Region
: The region to which this line's credentials apply, such asus-west-2
. -
AWS_access_key
: The AWS access key ID for your environment. -
AWS_secret_key
: The AWS secret access key that is associated with the specified AWS access key. -
Role_ARN_assumption
: The AWS role assumption ARN.
If Cloud Discovery & Visibility is deployed on an EC2 instance and you want to apply different AWS credentials for different regions, each line can instead use one of the following formats:
<Region>, , , <Role_ARN_assumption>
<Region>
Where:
-
Region
: The region to which this line's credentials apply, such asus-west-2
. -
Role_ARN_assumption
: The AWS role assumption ARN.
AWS_access_key
and/or
AWS_secret_key
when CDV is deployed to an EC2 instance, those
values are ignored.Importing the multiple credentials file into CDV
After you create a multi-credentials text file (see AWS multiple credentials file format above), you can import it into CDV:
-
In Cloud Discovery & Visibility, click AWS in the banner at the top and then click Setup.
-
Click to expand AWS Credentials (if necessary), then click the Advanced tab.
-
Drag the multiple credentials text file into the Multiple Credentials File area.
You can also click the Multiple Credentials File area to manually navigate to the desired file.