This chapter describes what needs to be prepared in the AWS Identity and Access Management to be able to perform an inventory with Docusnap.
Within the Inventory Wizard, the following information is required:
- Display Name
- Access Key ID
- Secret Access Key
- Region
Please make sure to use a sufficiently authorized user. This user must be allowed to make the following changes:
- Create policies
- Creating a user and assigning the created guidelines
|
The Amazon Web Services are regionally bound. If you use these services in different regions, you must ensure that a separate user and policies are created for each region. |
Create policy
This paragraph uses EC2 as an example to describe how to create a dedicated policy for inventorying AWS in Docusnap. This procedure must then be carried out for the other AWS core areas (RDS, S3, IAM, Batch, Lambda and SQS).
Open the services and select IAM.
Afterwards, a new policy can be created under Policies by clicking the Create Policy button.
The Service, Actions and Resources areas are then defined one after the other using the visual editor.
- Service
With Choose a Service, you then search for the service for which you want to create the policy, in this case EC2. - Actions
The actions permitted in EC2 are set at Access Level List and Read. - Resources
Here it is recommended to authorize the actions via All resources of the services. - Request conditions
This item is optional and is not required for a successful inventory.
Check policy
Assign a unique name for the created policy (e.g. Docusnap_EC2_Inventory) and an optional description. The configuration is completed via Create policy.
The previously described steps for creating the policy using the EC2 service as an example must now be repeated for the other services that are to be inventoried with Docusnap.
Configure User
The previously created policies are now assigned to a user. The next step is to select the User item in Services - IAM.
Important: The arrangement of the displayed data in the Docusnap tree structure is based on the inventorying user, this has the region binding described at the beginning as background. Please select the relevant usernames for different regions here in order to assign them unambiguously.
Create User
Use Add user to create a new user. A user name and AWS access type are required.
As AWS access type select Programmatic access, open the next step via the button Next: Permissions.
Define authorizations
Here you have two different possibilities to authorize your user for inventory.
- Add user to group
This option can be selected if you want to assign the created policies to a group. However, it is advisable to always carry out the inventory with the same user. - Attach existing policies directly
This option is described in this chapter to bind the pre-created policies directly to a user.
Select Add existing policies directly and navigate to the Filter Policies option and set the filter to Customer Managed. Now select the created policies and add them to this user.
The information entered can then be checked again. Click the Create User button to create the user.
Receive User Keys for Inventory
Important: The final data created (user, access key ID and secret access key) are required for the inventory in Docusnap and can be downloaded as CSV. These can only be viewed once after configuration!
