This section describes how to configure the credentials that Cloud Discovery & Visibility uses to access your AWS infrastructure.
In order to configure Cloud Discovery & Visibility (CDV) for AWS, you must have the following:
-
The AWS access key ID and secret access key to access your AWS infrastructure. You can find these on the My Security Credentials page of your account on AWS.Tip: If you forget your secret access key, you can create a new set of access keys and mark the old set as inactive.
-
If your account requires an Amazon Resource Name (ARN) token for multi-factor authentication (MFA) or role assumption, retrieve those values for your AWS environment.Note: When running visibility jobs, CDV reuses configured credentials during AWS authentication to retrieve changes to resources. If your authentication system uses multi-factor authentication (MFA), BlueCat recommends using a service account that can continually authenticate to AWS without user verification.
-
If you have multiple AWS accounts or AWS Role ARNs, you can set up CDV to use multiple accounts. This is especially useful if CDV needs to use different accounts or Role ARNs for different regions.
Tip: You can also automate discovery using the BlueCat Cloud Discovery & Visibility REST API. For more information on doing so, see REST API endpoints.
When configuring CDV's credentials for an AWS environment, there are three general scenarios:
-
Automatically use EC2 instance credentials: If you're running CDV on an AWS EC2 instance, you can tell CDV to automatically acquire authorization credentials from the EC2 instance metadata.
-
Manually configure a single AWS account: You can configure a single set of AWS credentials manually.
-
Manually configure multiple AWS accounts: You can configure multiple AWS credentials, each of which can apply to a different region.