AWS Visibility Options - Adaptive Applications - BlueCat Gateway - 22.2.2

Cloud Discovery & Visibility Administration Guide

Locale
English
Product name
BlueCat Gateway
Version
22.2.2
The Visibility Options section of the AWS Setup page lets you configure monitoring settings for importing data into Address Manager. Here, you configure what and how you want your network data to be made visible for monitoring.
Attention: AWS Visibility functionality imports only incremental EC2 changes to Address Manager.

Basic Visibility Options

Field/Option Description
Enable Visibility after Discovery Select this checkbox to continuously monitor changes to the discovered VPC/Subnets, EC2, Route 53 resources, and VPC Endpoints from the AWS infrastructure.

Address Manager User options

Field/Option Description

Address Manager Username

Address Manager Password

Enter the username of the Address Manager user.
Note: This user should be an administrative API user with full permissions.
Also, in Address Manager Password, enter the password for the Address Manager user.
AWS Service Account options
Field/Option Description
Service Account Key

Enter the AWS access key ID for the account used in the AWS Credentials page.

Service Account Secret Enter the AWS secret access key for the account used in the AWS Credentials page.

Advanced AWS Parameters options

Field/Option Description
Enable AWS Role Assumption Select this checkbox to use AssumeRole security credentials within your account to gain visibility into your AWS environment.
Attention: If you deployed Cloud Discovery & Visibility on an AWS EC2 Instance, the following fields do not appear if you also selected the Get Credentials from environment checkbox within the AWS Credentials page.
  • AWS Role ARN—enter the AWS role assumption ARN. The AWS role ARN must be in the following format: arn:aws:iam::<account_role_number>:role/<name>

    An example AWS role ARN might look as follows: arn:aws:iam::987654321098:role/developerRole

AWS Role ARN
Note: This field is not available if you're automatically acquiring Cloud Discovery & Visibility credentials from an EC2 Instance. (That is, if CDV is deployed on an AWS EC2 Instance and you selected the Get Credentials from environment checkbox within the AWS Credentials page.)
Enter the AWS role assumption ARN. The AWS role ARN must be in the following format:

arn:aws:iam::<account_role_number>:role/<name>

For example, arn:aws:iam::987654321098:role/developerRole

Other options

Field/Option Description
Override Queue and Notification Default Names

Select the Override Queue and Notification Default Names checkbox to specify custom queue and notification names for retrieving data from your AWS infrastructure. We recommend using this feature only if absolutely necessary, such as when names of resources in your cloud environments must conform to company standards.

Selecting this checkbox displays the following fields:
  • SNS Topic Name: Enter the name of the SNS (Simple Notification Service) Topic that will be used to retrieve data from AWS.

    The name can have up to 256 characters using letters, numbers, hyphens ("-"), and underscores ("_").

  • SQS Name: Enter the name of the SQS (Simple Queue Service) that will be used to retrieve data from AWS.

    The name can have up to 80 characters using letters, numbers, hyphens ("-"), and underscores ("_").

  • EventBridge Rule Name: Enter the name of the EventBridge Rule that will be used to retrieve data from AWS.

    This name must satisfy EventBridge rules for Rule names: It can have up to 64 characters using letters, numbers, periods ("."), hyphens ("-"), and underscores ("_").

If you enter a name that already exists in the resource group, you'll be asked if you want to reuse the same name. Click Cancel (and choose a different name) if you think your Visibility jobs will affect other Visibility jobs using the same name. Click Reuse to confirm use of the same name (that is, if you're sure that your jobs will not impact other Visibility jobs with the same name).

Attention: Behavior when overriding queue and notification default names
  • If you reuse the existing EventBridge Rule name, any changes in the event pattern will update it within your AWS environment. If you do not have permissions to update the EventBridge Rule name, contact your administrator to modify it to the existing Event Grid Subscription name.
  • The filter will update if you modify any Discovery Options within the same Visibility job.
  • If errors occur due to modifications of the filter, older information will be used and the following error appears:

  • To avoid conflicts, do not use the same SQS names in multiple Visibility jobs. As a best practice, do not reuse names of an SQS Topic, SQS name, or EventBridge Rule that you do not own or control.