AWS Tool Registration
Create an AWS Account tool in Opsera by registering it in the Tool Registry. This gives your team designated accounts and lets them provision resources automatically.
AWS Tool Registration
To register the AWS Tool:
Log in to Opsera, and navigate to Products > Tool Registry.
Click + New Tool.
In Step 1, select the AWS Tool from the listing.
In Step 2, enter the basic details for the tool and set the Access Control by defining the users and the access type. Once done, click Create.
In Step 3, if you wish to authenticate using your secret access key, enter details for AWS Access Key ID, AWS Secret Access Key, AWS Region and AWS Account ID. Click Save.
In Step 3, to authenticate using IAM, turn on the "IAM Authentication" toggle. When this authentication mode is selected, Opsera generates an IAM Role trust entity.
Enter details for the ARN role and choose the AWS region.
In Step 4, the tool connection will be tested.
Note: If the tool connection fails, click Try Again to re-enter the tool configuration details. To proceed with the tool creation and set up the connection later, click Skip to Tool Detail.
Your tool will be successfully configured in Opsera.
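The following is an added example, not Opsera's code: a review check for the trust policy on the role whose ARN is entered in Step 3 under IAM authentication. It assumes the trust entity should name one expected account and carry an sts:ExternalId condition; the page does not show the entity Opsera generates, so the account ID, external ID and function names here are constructed placeholders.

```python
import json

# Constructed sample policies; the account ID and external ID are placeholders.
SCOPED = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}""")
OPEN = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")


def as_list(value):
    """IAM JSON accepts either a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_trust_policy(policy, expected_account):
    """Return findings for Allow statements that let AWS principals assume the role."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        # A bare string principal can only be "*", which means any principal.
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else ["*"]
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: any AWS principal can assume this role")
            elif p != expected_account and f"::{expected_account}:" not in p:
                findings.append(f"statement {i}: unexpected principal {p}")
        # Only the StringEquals form of the external ID condition is checked here.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if aws and not cond.get("sts:ExternalId"):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("open", OPEN)):
        print(name, review_trust_policy(doc, "111122223333") or "no findings")
```

Run it against the trust policy JSON exported from the role before saving the ARN in the tool configuration.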
Set IAM Roles
Opsera's improved AWS tool registry integration now provides a more complete and streamlined way to manage Identity and Access Management (IAM) roles across your AWS accounts. This is especially valuable for organizations working with multiple roles and accounts, as it simplifies the process of capturing and organizing them. With this enhancement, you can precisely define which IAM roles your AWS credentials can access, eliminating manual errors and ensuring accuracy. Additionally, Opsera supports cross-account IAM roles, including those inherited from parent accounts, which is essential for organizations with complex AWS structures. This gives administrators a deep understanding of permissions and access controls across their AWS environments.
To add a new AWS IAM Role:
Open your registered tool from the Tool Registry section.
Click the IAM Roles tab.
Click + New AWS IAM Role.
Select the IAM Role available for the configured tool under the “IAM Role” dropdown.
Enable the “Cross Account IAM Role” toggle to set up IAM roles for the parent AWS account. With this toggle enabled, the role must be entered manually.
The added roles will be listed under the tab. You can add more roles in a similar manner.
Manage AWS Organization Accounts
The Organizations tab serves as a centralized location for managing all linked AWS Organizations. It simplifies administrative tasks such as monitoring usage and managing permissions across various accounts.
To add an Organization Account:
Open your AWS Account in the Tool Registry section.
Click the Organizations tab.
Choose the org type in the Data Ingest Configuration:
All Orgs: This option allows data ingestion from all linked organizations without any restrictions.
Selected Orgs: Users can select specific organizations they wish to include for data ingestion.
Exclude Orgs: Users can exclude certain organizations from data ingestion processes.
When users opt for either “Selected Orgs” or “Exclude Orgs,” they are presented with an account selection list. This list displays all available accounts associated with their selected organizations. Choose which accounts should be included or excluded from data ingestion activities.
After selecting the desired organizations and accounts, enter a Role Name. This role will define permissions and access levels for those selected accounts associated with this data ingestion task.
Click Save.
Once saved, this tab will display a comprehensive list of all organizations that have been added to the tool. You can quickly assess which organizations are currently integrated with your AWS Master Account.