AWS Cloud Discovery
01-24-2024 05:04 AM
Hello,
We have set up cloud discovery and are using cross assumed role, but this only works for midservers that are in the account we are discovering. Do we have to deploy midservers in every account in order to discover the cloud resources in each account? We don't want to set up 50-60 midservers to run cloud discovery. Is there a way to deploy a couple of midservers to discover all accounts and the resources in those accounts? Please help.
Thanks,
Jeff
06-19-2024 01:52 AM
For those who are looking into the same question: the answer is no, you don't need so many MidServers if the configuration is done right.
As per KB0832866 there are 3 options:
- Option 1 > Use one management account in AWS Organization to populate all child accounts, and run discovery to child accounts without the need of configuring credentials one by one. (you only need to configure discovery credential for the management account)
- Option 2 > Use one AWS account to discover multiple "trusted" AWS accounts (e.g. cross org accounts, member to member, member to management, etc), without the need of configuring credentials one by one. (you only need to configure discovery credential for one AWS account)
- Option 3 > Use IAM Role / IAM Instance profile feature with an AWS hosted MID server, no need to configure discovery credential. Can be used with Option 1 or Option 2
In our latest implementation we found those instructions useful: KB0957891
Hope that helps
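
Added example, not part of the posts above and not taken from the ServiceNow KB articles: with Option 1 or Option 2, every discovered account holds a role whose trust policy lets the single discovery account assume it, so those trust policies are worth auditing before rollout. The sketch below checks parsed trust-policy JSON; the account IDs, the role name `ExampleDiscoveryRole`, and the helper names are constructed placeholders, and Condition keys are only checked for presence, not evaluated.

```python
# Added example: audit role trust policies used for cross-account discovery.
# All account IDs and role names below are constructed placeholders.
DISCOVERY_ACCOUNT = "111111111111"  # assumed: account holding the discovery credential

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # A principal is either a bare 12-digit account ID or an ARN
    # (arn:aws:iam::<account>:root or arn:aws:iam::<account>:role/<name>).
    return principal if principal.isdigit() else principal.split(":")[4]

def audit_trust_policy(policy, discovery_account=DISCOVERY_ACCOUNT):
    """Return findings for one member-account role's trust policy (parsed JSON)."""
    findings, trusted = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            if arn == "*":
                trusted = True  # a wildcard also admits the discovery account
                if not stmt.get("Condition"):
                    findings.append("wildcard principal with no Condition: any AWS account may assume this role")
            elif _account_of(arn) != discovery_account:
                findings.append(f"unexpected trusted account {_account_of(arn)}")
            else:
                trusted = True
                if arn.isdigit() or arn.endswith(":root"):
                    findings.append("trusts the whole discovery account; narrow to the discovery role ARN")
    if not trusted:
        findings.append("discovery account is not trusted; AssumeRole from it will be denied")
    return findings

def _policy(*principals):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": list(principals)}}]}

# Constructed trust policies, keyed by the (placeholder) member account they belong to.
SAMPLES = {
    "222222222222": _policy("arn:aws:iam::111111111111:role/ExampleDiscoveryRole"),
    "333333333333": _policy("arn:aws:iam::111111111111:root", "arn:aws:iam::999999999999:root"),
    "444444444444": _policy("*"),
}

if __name__ == "__main__":
    for account, policy in SAMPLES.items():
        print(account, audit_trust_policy(policy) or "OK")
```
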