Cloud Discovery & Visibility (CDV) must be authorized with the Amazon Web Services (AWS) infrastructure in order to perform discovery. If you use a single AWS user account to do so, you must specify it in the AWS Credentials settings within the Basic tab.
If you want to instead specify multiple authorization credentials to be used in different regions, set up a Credentials file and import it into the Advanced tab of the Credentials section in the AWS Setup page. For more details, see AWS Credentials: Advanced tab.
If you want to instead perform discovery on multiple accounts within the same AWS Organization, see Setting up and running AWS Organization-level discovery jobs.
To configure a single AWS user account for CDV to use during discovery:
-
In Cloud Discovery & Visibility, click AWS in the banner at the top and then click Setup.
-
Click to expand AWS Credentials (if necessary), then click the Basic tab.
-
If the Use EC2 instance credentials checkbox is selected, click to clear it.
-
Under AWS Credentials, enter your AWS credentials:
-
AWS Access Key ID: Enter the AWS access key ID for your environment.
-
AWS Secret Access Key: Enter the AWS secret access key associated to the AWS secret key ID entered.
-
Enable AWS Role Assumption: Select this checkbox to use AWS Assume Role providers. In this scenario, CDV will remain signed in as the user defined by its Access Key and Secret Access Key, but will temporarily assume the role of a different account so that it can perform discovery on that account. While assuming a role, CDV gains all permissions assigned to that role.
After ticking Enable AWS Role Assumption, make sure you enter the Amazon Resource Name (ARN) for the role that CDV is to assume in the AWS Role ARN field.
For more details on these fields, see the Credentials Basic tab parameter list.
-