AWS
Overview
Amazon Web Services (AWS) is an on-demand cloud computing platforms that provides various services related to networking, compute, storage, middleware, IOT and other processing capacity.
Available Integrations
The following AWS services can be integrated with the Sevco platform:
| Service | Supported Asset Type(s) | Integration Type |
|---|---|---|
| EC2 | Devices | Source |
| IAM | Users | Source |
| Identity Center | Users | Source |
| S3 | Devices, Users | Inventory Sync |
Please review the configuration instructions in the section below before setting up permissions for apps.
Configuration
-
Choose an Access Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas
- API ID / API Secret Key: Will retrieve AWS objects using a generated access key ID and secret access key
- AssumeRole: Will retrieve AWS objects by allowing Sevco to assume the specified role
-
Configure the Access Schema:
API ID / API Secret Key Schema
| Field | Description | Example |
|---|---|---|
API ID* | AWS Access Key ID | ABCDEFGHIJKLMNOPQRST |
API Secret Key* | AWS Access Secret | ************************************** |
AssumeRole
| Field | Description | Example |
|---|---|---|
ARN* | The Amazon Resource Name (ARN) of the AWS Role to assume | arn:aws:iam::888218222122:role/SevcoAWSIAMSourceRole |
Organization Discovery | Enables AWS account discovery. See Creating Credentials – AWS Organization Discovery for more information. | n/a |
-
Add new integration Select which integration(s) you wish to add. See links for details on additional configuration required.
-
Configure General Information: OPTIONAL: You can set the following fields to give platform configuration
| Field | Description | Example |
|---|---|---|
Name (optional) | Uniquely identifiable attribute of the configuration to delineate other similar configurations with the existing organization | DMZ network |
Contact Person (optional) | A placeholder to input a name or email address of a contact associated with the integration. | Jane Doe |
Link to Console (optional) | A placeholder to input a link to the console of the product Sevco is integrating with for quick reference and access when configuring or editing the integration. | www.product.com/devices |
Email me about frequent errors | Select this toggle to receive an email whenever an Integration has a ≥30% error rate in a 24-hour period. | n/a |
- Activate Config: To enable this configuration "Activate."
External Documentation
Creating credentials
Access Key ID/Secret Access Key Schemas
You'll be asked to provide source credentials that Sevco will use to connect to AWS. The following link will step you through creating your AWS keys.
https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys
Assume Role Schemas
The IAM trust policy for your assumable role will vary based on your chosen integration. See integration-specific documentation for details:
- Collect devices from EC2
- Collect users from IAM
- Collect users from Identity Center
- Sync assets to an S3 bucket
Required permissions
See integration-specific documentation for details
Integration | Effect | Action |
|---|---|---|
Allow | ec2:DescribeInstances ec2:DescribeRegions ec2:DescribeAddresses ec2:DescribeNetworkInterfaces | |
Allow | iam:GetUser iam:ListUsers | |
Allow | identitystore:ListGroupMemberships identitystore:ListGroups identitystore:ListUsers | |
Allow | s3:PutObject s3:AbortMultipartUpload |
API Documentation
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting the Suggest Edits located in the upper right hand corner of the documentation.
Updated 3 days ago