AWS environments - Adaptive Applications - BlueCat Gateway - 21.3.1

Cloud Discovery & Visibility Administration Guide

Locale
English (United States)
Product name
BlueCat Gateway
Version
21.3.1

Before you begin

Ensure that the following requirements are met:
  • You must be running Address Manager v9.1.0 or greater
  • You must have an AWS account to retrieve the AWS data with the following permissions set:
    • AmazonVPCReadOnlyAccess
    • AmazonEC2ReadOnlyAccess
    • ElasticLoadBalancingReadOnly
    • AmazonRoute53ReadOnlyAccess
    • IAMReadOnlyAccess
    • Active AWS Security Token Service (STS) for Global or the region that is in use.
  • You must have an AWS account for Visibility with one of the following permission sets:
    • Full permissions
      • CloudWatchFullAccess
      • CloudWatchEventsFullAccess
      • AmazonSQSFullAccess
      • AmazonSNSFullAccess
    • Specified IAM role permissions
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "VisualEditor0",
                  "Effect": "Allow",
                  "Action": [
                      "sqs:DeleteMessage",
                      "sqs:GetQueueUrl",
                      "sqs:ReceiveMessage",
                      "sqs:GetQueueAttributes",
                      "sqs:TagQueue",
                      "sqs:PurgeQueue",
                      "sqs:DeleteQueue",
                      "sqs:CreateQueue",
                      "sqs:SetQueueAttributes",
                      "sns:ListSubscriptionsByTopic",
                      "sns:DeleteTopic",
                      "sns:CreateTopic",
                      "sns:ListTopics",
                      "sns:Unsubscribe",                
                      "sns:SetTopicAttributes",
                      "sns:Subscribe",
                      "events:PutRule",
                      "events:TagResource",
                      "events:PutTargets",
                      "events:DeleteRule",
                      "events:ListRules",
                      "events:RemoveTargets",
                      "events:ListTargetsByRule"
                  ],
                  "Resource": "*"
              }
          ]
      } 
      For more information on setting permissions and configuring policies, refer to 'Managing IAM Policies' in the AWS Identity and Access Management User Guide.
      Attention: The following AWS Control Tower settings must not be enabled:
      • Disallow changes to Amazon SNS set up by AWS Control Tower
      • Disallow changes to Amazon SNS subscriptions set up by AWS Control Tower