After setting up a user wtth the AssumeRole permission for use by CDV in Organization-level discoveries (see Deploying cross-account roles for AWS Organization-level Discovery jobs), you can configure the appropriate credentials in CDV. Doing so will let you set up Organization-level Discovery jobs.
To configure AWS credentials for an Organization-level discovery job:
If you haven't already done so, start CDV and go to the AWS Setup page. (In the CDV banner, click the AWS tab, then click Setup.)
In the AWS Credentials section, do one of the following:
If CDV is not deployed on an EC2 system:
In AWS Access Key ID, enter the access key ID for the user or role that you configured earlier (that has the AssumeRole permission).
In AWS Secret Access Key, enter the access key ID for the user or role that you configured earlier (that has the AssumeRole permission).
Under Advanced AWS Parameters, make sure that Enable AWS Multi-Factor Authentication is cleared.
Note: Organization-level discovery jobs do not work if Multi-Factor Authentication is enabled.
If CDV is deployed on an EC2 system:
Make sure that Use EC2 instance credentials is selected. CDV should acquire authentication information from the VM automatically.
When you're done, you can run discovery on your system at the Organization level.