Setting up and running AWS Organization-level discovery jobs - Adaptive Applications - BlueCat Gateway - 23.3.2

Cloud Discovery & Visibility Administration Guide

Product name
BlueCat Gateway

If your AWS infrastructure structures nodes under an Organization, you can run Cloud Discovery & Visibility (CDV) on all accounts in the Organization. Doing so requires you to do the following:

  1. Register a delegated administrator for CDV.

  2. Set up a YML file for a "cross-account" role with privileges and permissions needed to access each of the accounts.

  3. Deploy this template to the AWS infrastructure, in a new StackSet.

  4. In CDV, make sure your AWS credentials use the CDV account with this new role.

  5. In CDV, configure and run the Organization-level Discovery job.

After an Organization-level Discovery job runs, you can run Visibility jobs to update BAM with details about new and changed resources within your Organization, including new accounts. For more details, see AWS Organization-level visibility jobs.

Note: These instructions assume you are using Amazon's AWS CloudFormation Designer tool to create and manage the architecture of your AWS infrastructure. A full discussion of CloudFormation Designer is beyond the scope of this guide. For more details on using CloudFormation Designer, see your AWS documentation.

Organization-level Discovery cannot be used with the following features:

  • AWS multi-factor authentication

  • AWS role assumption during discovery (in the AWS Credentials section of the AWS Setup page)

  • AWS role assumption during visibility (in the Monitoring Options section of the AWS Setup page, while using Visibility).