After setting up cross-account credentials in Cloud Discovery & Visibility (CDV) so that CDV can use a user or role with the AssumeRole permission (see Setting up AWS credentials for Organization-level discovery jobs in Cloud Discovery & Visibility), you can set up and run Organization-level Discovery jobs on AWS infrastructures (running discovery on some or all accounts in the Organization).
To set up Organization-level Discovery jobs:
If you haven't already done so, start CDV and go to the AWS Discovery page. (In the CDV banner, click the AWS tab, then click Discovery.)
In the AWS Account Filter section, select the Discovery for Organization checkbox.
In Role Name used for Discovery Organization, enter the name of the user or role that you configured earlier (with the AssumeRole permission).
Configure the filters used to determine whether or not an AWS Account is included in discovery.
You can select individual organizational units, set up an account name filter, and specify matching AWS tags. If you don't want to use one of the three filter types, leave it empty.
Note: CDV includes an account in discovery only if it satisfies all filters for which a value or setting is specified. For example, suppose you leave all AWS Account Tag fields empty, but specify the following:
- In AWS Account organizational unit, you select an OU named merchant-ou.
- In Account Name Filter, you enter marketing*.
An account named marketing-web (which satisfies the Account Name Filter) would be included only if its parent OU is merchant-ou. Its AWS Account Tags are ignored.
The three filters are as follows:
Manually select organizational units (OUs): Click the AWS account organizational unit field, then select checkboxes for the OUs on whose accounts you want to run discovery.
If a desired OU doesn't appear, you can refresh the list by clicking the Re-fetch Organizational Units from cloud button. Depending on the complexity of your AWS infrastructure, refreshing the list can take several minutes.
Note: Organizational Unit (OU) selections do not cascade. If you include an OU in your selection, only accounts directly within that OU are included in discovery. If that OU contains child OUs, accounts in those child OUs are not included. (To include those child OUs, also select their checkboxes in the list.)
Filter in accounts by name: To include accounts with a specific name or name pattern, enter that name in Account Name Filter.
Within the name filter, you can use * as a wildcard character. For example, a name filter of marketing* would include accounts named marketing-admin, marketing-web, and marketingcustplan. You can use * wildcards in any spot in the name filter (not just at the beginning or end). If you leave this filter blank, CDV ignores the account name when choosing accounts to include.
Filter in accounts by AWS Tag: To include accounts with a specific AWS Tag, enter the tag name in one of the fields in AWS Account Tags.
If you run out of fields for tag names, click Add more tags to filter to create more.
If you do not enter any tags, CDV ignores account tags when choosing accounts to include.
Tip: AWS Account Tags are created in the AWS environment. Typically, users add tags to AWS accounts in the AWS console when the AWS Account is created.
Continue configuring the discovery job as normal. For more details, see AWS Discovery Options.
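Because the three filters are combined with AND, empty filters are ignored, and OU selection does not cascade, it is easy to end up with fewer (or more) accounts in scope than you expected. The following Python script is an added example, not CDV code: it models the selection rules described above against a constructed account list so you can preview which accounts a filter set would pick before running the job. The OU ids, account ids, names and tags are made up for the example; the page does not say whether name matching is case-sensitive or whether the tag filter compares tag values, so the script assumes case-sensitive names and tag-name (key) matching only.

```python
"""Preview which AWS accounts a CDV Organization-level discovery filter set
would select.  Added example, not CDV code: it models the rules documented on
this page (all specified filters must match, empty filters are ignored, OU
selection does not cascade, '*' is the only wildcard) against constructed data."""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List


@dataclass
class Account:
    account_id: str
    name: str
    parent_ou: str                     # id of the OU the account sits in directly
    tags: Dict[str, str] = field(default_factory=dict)


# Constructed sample data; OU and account ids are made up for this example.
# "ou-child" is a child OU nested inside "ou-merchant".
ACCOUNTS: List[Account] = [
    Account("111111111111", "marketing-web", "ou-merchant", {"Team": "mkt"}),
    Account("222222222222", "marketing-admin", "ou-child", {"Team": "mkt"}),
    Account("333333333333", "marketingcustplan", "ou-merchant"),
    Account("444444444444", "finance-prod", "ou-merchant", {"Team": "fin"}),
    Account("555555555555", "marketing-dev", "ou-sandbox", {"Team": "mkt"}),
]


def name_pattern(name_filter: str) -> re.Pattern:
    """Translate a CDV name filter into a regex.  Only '*' is a wildcard and it
    may appear anywhere; every other character is matched literally.  The page
    does not state whether matching is case-sensitive; this assumes it is."""
    return re.compile(".*".join(re.escape(part) for part in name_filter.split("*")))


def failed_filters(acct: Account, selected_ous: Iterable[str] = (),
                   name_filter: str = "", tag_names: Iterable[str] = ()) -> List[str]:
    """Return the names of the filters the account does NOT satisfy.  A filter
    that was left empty is ignored, so it never appears in the result."""
    failures = []
    ous = set(selected_ous)
    if ous and acct.parent_ou not in ous:
        # No cascading: only the account's direct parent OU is consulted.
        failures.append("organizational unit")
    if name_filter and not name_pattern(name_filter).fullmatch(acct.name):
        failures.append("account name")
    wanted_tags = [t for t in tag_names if t]
    if wanted_tags and not all(t in acct.tags for t in wanted_tags):
        # Assumption: the tag filter matches on tag name (key) only, since the
        # page only describes entering a tag name.
        failures.append("account tags")
    return failures


def select_accounts(accounts: Iterable[Account], **filters) -> List[str]:
    """Ids of the accounts that satisfy every specified filter (logical AND)."""
    return [a.account_id for a in accounts if not failed_filters(a, **filters)]


if __name__ == "__main__":
    # The page's own example: OU merchant-ou selected, name filter marketing*,
    # no tags.  marketing-admin is excluded because it sits in a child OU.
    chosen = select_accounts(ACCOUNTS, selected_ous=["ou-merchant"],
                             name_filter="marketing*")
    for a in ACCOUNTS:
        why = failed_filters(a, selected_ous=["ou-merchant"], name_filter="marketing*")
        status = "included" if a.account_id in chosen else "excluded: " + ", ".join(why)
        print(f"{a.account_id} {a.name:<18} {status}")
```

To preview a real Organization, populate the account list from AWS Organizations (for example with the ListAccountsForParent and ListTagsForResource API calls, run per selected OU) rather than from the constructed data above; the filter logic stays the same. The per-account failure list is the useful part when an expected account is missing from a discovery run: it tells you whether the OU selection, the name pattern, or the tag requirement dropped it.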