The following section configures the credentials to access your AWS infrastructure.
Before you proceed to configure the workflow, you must have the AWS access key ID and secret access key to access your AWS infrastructure. This can be retrieved from the My Security Credentials page in the account page on AWS. If you have forgotten your secret access key, you can create a new access key set and mark the old key set as inactive.
If your account requires a multi-factor authentication Amazon Resource Names (ARN)
token or role assumption ARN, retrieve those values for your AWS environment.
Attention: If you have multiple AWS accounts or AWS Role ARNs, you can
automate discovery using the BlueCat Cloud Discovery & Visibility REST API.
For more information, refer to REST API endpoints.
Under AWS Credentials, enter your AWS credentials:
- Use EC2 instance credentials—If you deployed your
Cloud Discovery & Visibility Adaptive Application on an EC2 instance,
select this checkbox to retrieve the AWS credentials from your EC2 instance
metadata. When selected, the credentials of the user that deployed the Cloud
Discovery & Visibility instance in AWS are used for authentication and
the AWS ACCESS KEY ID, AWS SECRET ACCESS
KEY, and Enable AWS Multifactor
Authentication fields are removed from the Cloud Discovery
& Visibility UI.Attention:
- This field only appears on Cloud Discovery & Visibility deployed on EC2 instances in AWS environments. For more information on deploying Cloud Discovery & Visibility on an AWS EC2 instance, refer to Installing Cloud Discovery & Visibility on AWS EC2 instances.
- If you have Cloud Discovery & Visibility deployed on an EC2 instance in AWS and the Use EC2 instance credentials field does not appear, verify that the EC2 instance and retrieve the instance metadata. For more information, refer to Retrieving AWS EC2 instance metadata.
- AWS ACCESS KEY ID—enter the AWS access key ID for your environment.
- AWS SECRET ACCESS KEY—enter the AWS secret access key associated to the AWS secret key ID entered.
- Enable AWS Multifactor Authentication—select this
checkbox to enable AWS multi-factor authentication.
- AWS MFA TOKEN ARN—enter the AWS multi-factor
authentication token ARN. The AWS multi-factor authentication token
ARN must be in the following format:
arn:aws:iam::<account_number>:mfa/<account_id>An example AWS multi-factor authentication token ARN might look as follows:
arn:aws:iam::123456789012:mfa/exampleUser
- AWS MFA TOKEN ARN—enter the AWS multi-factor
authentication token ARN. The AWS multi-factor authentication token
ARN must be in the following format:
arn:aws:iam::<account_number>:mfa/<account_id>
- Enable AWS Role Assumption—select this checkbox to
enable AWS role assumption.
- AWS ROLE ARN—enter the AWS role assumption
ARN. The AWS role ARN must be in the following format:
arn:aws:iam::<account_role_number>:role/<role_name>An example AWS role ARN might look as follows:
arn:aws:iam::987654321098:role/developerRole
- AWS ROLE ARN—enter the AWS role assumption
ARN. The AWS role ARN must be in the following format:
arn:aws:iam::<account_role_number>:role/<role_name>