Purging AWS discovery and visibility systems - Adaptive Applications - BlueCat Gateway - 23.3.2

Cloud Discovery & Visibility Administration Guide


In order to perform Amazon Web Services (AWS) discovery and visibility jobs, CDV stores files, data, and other resources on the target AWS infrastructure. This data is used to track network resources like virtual networks, virtual machines, and load balancers (among others) so that they can be noted and passed on to Address Manager by visibility jobs. If you don't need to run discovery or visibility on a system anymore (or you simply want to clear out data for maintenance), you can purge it to remove these files.

CDV tracking resource files typically begin with the prefix BC-CDV-. Purging deletes all SNS, SQS, and CloudWatch resources that CDV uses to set up visibility on an AWS system. Purging removes only files that begin with BC-CDV-, plus files and data associated with discovery and visibility jobs that currently exist in CDV. When purging AWS systems, you can limit the purge operation to specific regions.

To purge an AWS visibility system:

  1. In CDV, go to the AWS Settings tab. (Click the AWS tab in the header, then click the Settings tab and expand Purge Visibility System.)

  2. Enter the access key, authentication, and role details for the target AWS infrastructure, then select the regions that you want to purge.

    The account used for purging must have the appropriate permissions for the selected regions.

    For more details, see Purging Visibility System settings below.



  3. When you're done, click Purge.

Purging Visibility System settings

The Purging Visibility System section of the AWS Settings page has the following settings.

Basic AWS parameters options

Field/Option Description
AWS Access Key ID

The ID of the Access Key for the IAM account that CDV should use when purging the AWS infrastructure.

AWS Secret Access Key

The Secret Access Key for the IAM account indicated in AWS Access Key ID.

Advanced AWS parameters options

Field/Option Description
Enable AWS Multi-Factor Authentication

If selected, CDV will use Multi-Factor Authentication (MFA) when authenticating itself on the AWS infrastructure for the purge operation.

If cleared, CDV will not use AWS MFA during authentication.

AWS MFA Token ARN

(Available only if Enable AWS Multi-Factor Authentication is selected.)

In AWS MFA Token ARN, enter the Amazon Resource Name (ARN) of the AWS multi-factor authentication token. The ARN must be in the following format:

arn:aws:iam::<account_number>:mfa/<account_id>

For example:

arn:aws:iam::123456789012:mfa/exampleUser

In AWS MFA Code (the field to the right of the token ARN), enter the MFA authentication code.

Enable AWS Role Assumption

If selected, AWS role assumption will be enabled. This lets CDV use a temporary set of security credentials to access AWS resources to which it normally doesn't have access.

AWS Role ARN

(Available only if Enable AWS Role Assumption is selected.) The Amazon Resource Name (ARN) for the role that CDV is to assume, using AWS role assumption. The AWS role ARN must be in the following format:

arn:aws:iam::<account_role_number>:role/<role_name>

For example:

arn:aws:iam::987654321098:role/developerRole

AWS Regions

The regions that you want to purge. To purge all regions, select the checkbox for All Regions. To purge specific regions, select the checkboxes for all regions that you want to purge.
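
A pre-flight check of the values described above, run before they are entered into the purge form. This is an added example, not BlueCat code: the dictionary key names are hypothetical, and the 12-digit account number and 6-digit MFA code are AWS conventions rather than rules stated on this page.

```python
import re

# ARN shape as documented on this page: arn:aws:iam::<account>:<kind>/<name>
_ARN = re.compile(
    r"^arn:aws:iam::(?P<account>\d{12}):(?P<kind>[a-z-]+)/(?P<name>[\w+=,.@/-]+)$"
)


def check_arn(value, expected_kind):
    """Return a list of problems for one ARN field (empty list means OK)."""
    m = _ARN.match(value.strip())
    if not m:
        return [f"not of the form arn:aws:iam::<12 digits>:{expected_kind}/<name>"]
    if m["kind"] != expected_kind:
        # Typical slip: the role ARN pasted into the MFA field or vice versa.
        return [f"is a '{m['kind']}' ARN, expected '{expected_kind}'"]
    return []


def preflight(form):
    """Validate a dict mirroring the Purge Visibility System fields."""
    problems = []
    if not form.get("regions"):
        problems.append("regions: select All Regions or at least one region")
    if form.get("mfa_enabled"):  # MFA fields only apply when MFA is enabled
        errs = check_arn(form.get("mfa_token_arn", ""), "mfa")
        problems += [f"mfa_token_arn: {e}" for e in errs]
        if not re.fullmatch(r"\d{6}", form.get("mfa_code", "")):
            problems.append("mfa_code: expected 6 digits")
    if form.get("role_enabled"):  # role ARN only applies with role assumption
        errs = check_arn(form.get("role_arn", ""), "role")
        problems += [f"role_arn: {e}" for e in errs]
    return problems


# Constructed sample input; the ARNs are the example values from this page.
SAMPLE = {
    "regions": ["us-east-1"],
    "mfa_enabled": True,
    "mfa_token_arn": "arn:aws:iam::123456789012:mfa/exampleUser",
    "mfa_code": "123456",
    "role_enabled": True,
    "role_arn": "arn:aws:iam::987654321098:role/developerRole",
}

if __name__ == "__main__":
    print(preflight(SAMPLE) or "all fields look well-formed")
```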