Starting in Cloud Discovery & Visibility v22.1.1, you can deploy Cloud Discovery & Visibility on AWS EC2 (Elastic Compute Cloud) Instances. When you configure Cloud Discovery & Visibility (CDV) on an AWS EC2 Instance, you can use the credentials of the AWS EC2 instance to authenticate with your AWS environment instead of manually entering the AWS Key ID and AWS Secret Access Key values. This page covers two deployment scenarios:
- Deploying on an AWS EC2 Instance where the discovery and visibility resources, and EC2 Instance host are on the same AWS account.
- Deploying on an AWS EC2 Instance where the discovery and visibility resources are on a different AWS account from the EC2 Instance host.
- Log in to the AWS Management Console.
- Create an IAM role as follows:
In the navigation page, click .
Under Trusted entity type, select AWS service.
Under Use case, select EC2 and click Next.
Under Add permissions, select the required policies and permissions to run AWS discovery and visibility and click Next.
For more information on the required permissions, see Amazon Web Services (AWS) environments.
- Under Name, review, and create, enter the name of the IAM role and click Create.
- Create an AWS EC2 Instance running Ubuntu 22.04. For more information on creating AWS EC2 instances, refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html.
- Attach the newly created IAM role to the AWS EC2 Instance.
To do so, in the Advanced Details section, in IAM instance profile, select the profile for the CDV role that you created earlier.
For more information, refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html.
- From the Instances page, click the name of the newly created AWS EC2 Instance. The Instance summary page appears.
- Click Connect.
- From the Connect to instance page, select the SSH client tab.
- Follow the guide to connect to the AWS EC2 Instance using SSH.
- After you successfully connect to the EC2 Instance using SSH, install Docker using the following commands:
    sudo apt update
    sudo apt install docker.io
- When prompted, type Y and press ENTER.
Once you successfully install Docker on the EC2 Instance, you can install the Cloud Discovery & Visibility image using the Docker commands outlined in Installing the Cloud Discovery & Visibility Docker image.
Log in to the AWS Management Console.
In the navigation page, click .
Fill in the following fields to create an IAM role for the account with the resources:
In Trusted entity type, select AWS account.
In An AWS account, select Another AWS account.
Within the Account ID field, enter the AWS account ID of the EC2 Instance host and click Next.
In Add permissions, select the required permissions to run AWS discovery and visibility and click Next.
For more information on the required permissions, see Amazon Web Services (AWS) environments.
- In Name, review, and create, enter the resource role name of the IAM role.
In the navigation page, click .
Create an IAM role for the account with the EC2 Instance host by performing the following:
- In Trusted entity type, select AWS service.
- In Use case, select EC2 and click Next.
- In Add permissions, add policy as follows:
- Create an AssumeRole policy with the following JSON content:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::<ResourceAccountId>:role/<ResourceRoleName>"
        }
      ]
    }
- Click Next: Tags, then Next: Review.
- Enter the name of the AssumeRole policy.
When you're done, click Create policy.
- Within the Add permissions page, select the newly created AssumeRole policy and click Next.
- Under Name, review, and create, enter the host role name of the IAM role.
- Create an AWS EC2 Instance running Ubuntu 22.04. For more information on creating AWS EC2 instances, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html.
- Attach the newly created EC2 Instance host IAM role to the AWS EC2 Instance.
To do so, in the Advanced Details section, in IAM instance profile, select the profile for the CDV role that you created earlier.
For more information, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html.
- From the Instances page, click the name of the newly created AWS EC2 Instance. The Instance summary page appears.
- Click Connect.
- From the Connect to instance page, select the SSH client tab.
- Follow the guide to connect to the AWS EC2 Instance using SSH.
- After you successfully connect to the EC2 Instance using SSH, install Docker using the following commands:
    sudo apt update
    sudo apt install docker.io
- When prompted, type Y and press ENTER.
After you successfully install Docker on the EC2 Instance, you can install the Cloud Discovery & Visibility image using the Docker commands outlined in Installing the Cloud Discovery & Visibility Docker image.
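
For the cross-account deployment above, the host role's AssumeRole policy and the resource role's trust policy have to agree with each other. The following is an added example, not part of the product documentation: a small Python check over the two policy documents. The account IDs, the role name `cdv-resource-role`, and the function names are constructed placeholders, and the trust policy shown assumes the form the console generates when you select Another AWS account (the host account as principal).

```python
import json
import re

# A single, fully qualified IAM role ARN (no wildcards).
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")

# Constructed samples: account IDs and the role name are placeholders.
HOST_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Resource": "arn:aws:iam::222222222222:role/cdv-resource-role"}]}""")
RESOURCE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}""")


def as_list(value):
    return value if isinstance(value, list) else [value]


def check_cross_account(host_policy, trust_policy, host_account, resource_role_arn):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    # Every Resource the host role is allowed to assume.
    targets = [r for s in as_list(host_policy["Statement"])
               if s.get("Effect") == "Allow"
               and "sts:AssumeRole" in as_list(s.get("Action", []))
               for r in as_list(s.get("Resource", []))]
    for r in targets:
        if not ROLE_ARN.match(r):
            findings.append(f"host policy Resource is not a single role ARN: {r}")
    if resource_role_arn not in targets:
        findings.append("host policy does not name the resource role ARN explicitly")
    # Every AWS principal the resource role trusts.
    principals = [p for s in as_list(trust_policy["Statement"])
                  if s.get("Effect") == "Allow" and isinstance(s.get("Principal"), dict)
                  for p in as_list(s["Principal"].get("AWS", []))]
    trusted = [p for p in principals if p == host_account or f"::{host_account}:" in p]
    if not trusted:
        findings.append("resource role trust policy does not trust the host account")
    for p in principals:
        if p not in trusted:
            findings.append(f"trust policy trusts an unexpected principal: {p}")
    return findings


if __name__ == "__main__":
    print(check_cross_account(HOST_POLICY, RESOURCE_TRUST, "111111111111",
                              "arn:aws:iam::222222222222:role/cdv-resource-role"))
```

A trust policy that names the whole host account lets any identity in that account with `sts:AssumeRole` permission on the resource role assume it, so the explicit role ARN in the host-side policy is what keeps the grant narrow.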