Configuration
Configure a cloud connector
- In the BeyondInsight console, go to Configuration > General > Connectors.
- In the Connectors pane, click Create New Connector.
- Provide a name for the connector, and then select a Connector Type from the list:
  - AWS Scan Target Collector
  - Azure Scan Target Collector
  - Google Cloud Scan Target Collector
  - Hyper-V Scan Target Collector
  - Rackspace Scan Target Collector
- Click Create Connector.
- Enter the connector information in the right pane:
  - For AWS cloud connections, required fields are: Region, Access Key ID, and Secret Access Key ID. Instances associated with the region are displayed in the Connection Test Results section.
  - For Azure, required fields are: Region, Client ID, Client Server, Tenant ID, and Subscription ID.
  - For Google Cloud, required fields are: Server (the region), Project Name (the project ID), and the Key File. Upload the key that you downloaded from Google Cloud.
  - For Hyper-V server, required fields are: Server (IP address), Username, and Password.
  - For Rackspace, required fields are: Account Type, Username, and API Key.
- After you configure the connector, click Test Connector to ensure the connector works.
- Click Create Connector.
After you create a cloud connector, you can run a scan and review the results to determine what cloud assets were discovered.
Cloud connector Smart Groups
You can create Smart Groups based on the cloud connectors that you are using.
- From the left menu, click Smart Rules.
- Click Create Smart Rule.
- Select a category, and then enter a name and description.
- Under Selection Criteria, select Cloud Assets, and then select the cloud connector type to filter on (AWS, Azure, Hyper-V).
- For AWS, click Select AWS Instance Types to pick specific instance types.
- For AWS, Azure, and Google, check the Use Private IP Address box to scan internal IP addresses.
- Under Actions, select Show asset as Smart Group.
- Click Create Smart Rule.
- Run a discovery scan on the smart group to see the cloud assets in reports.
- On the Assets page, select the cloud connector, and then click the vertical ellipsis button to review the details.
Configure BeyondInsight AWS connector
This section provides information on setting up an Amazon AWS connector, including details on the AWS configuration.
Set up a policy
- Log in to the AWS Management Console.
- Select Identity & Access Management.
- Select Policies from the Details menu.
- Select Create Policy.
- Select Create Your Own Policy.
- Enter a policy name and description.
- Paste the following JSON into Policy Document:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "elasticloadbalancing:DescribeLoadBalancers",
            "ec2:DescribeInstances",
            "ec2:DescribeRegions",
            "ec2:DescribeInstanceStatus",
            "ec2:DescribeImages"
          ],
          "Resource": "*"
        }
      ]
    }
Note
For "Resource": "*", you must determine what JSON is required for your current needs. You may also need a condition with it, for example if you want only the dev group to have access to certain instances.
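A least-privilege check for the policy above, as an added example that is not part of the BeyondInsight documentation: it reports any action a policy allows beyond the five listed, any listed action that is missing, and Allow statements that use "Resource": "*" without a Condition. The function and variable names and the BROAD_POLICY sample are constructed for illustration.

```python
import json
import re

# The five read-only actions from the policy document on this page (lower-cased).
EXPECTED_ACTIONS = {
    "elasticloadbalancing:describeloadbalancers", "ec2:describeinstances",
    "ec2:describeregions", "ec2:describeinstancestatus", "ec2:describeimages",
}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """Match an IAM action pattern (case-insensitive, '*' and '?' wildcards)."""
    regex = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action) is not None

def audit_connector_policy(policy_json):
    """Compare a policy's Allow statements with the page's five actions."""
    excess, unscoped, granted = [], [], set()
    for index, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            excess.append((index, "NotAction"))  # allows everything not listed
        for action in _as_list(stmt.get("Action")):
            hits = {a for a in EXPECTED_ACTIONS if _matches(action, a)}
            granted |= hits
            # A wildcard, or a name outside the list, grants more than listed.
            if not hits or "*" in action or "?" in action:
                excess.append((index, action))
        # "Resource": "*" with no Condition is the case the Note asks you to review.
        if "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt:
            unscoped.append(index)
    return {"excess": excess, "missing": sorted(EXPECTED_ACTIONS - granted),
            "unscoped": unscoped}

# Same five actions as the page's policy (IAM action names are case-insensitive).
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(EXPECTED_ACTIONS), "Resource": "*"}]})
# Constructed sample of a policy that grants more than the connector policy lists.
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetObject"], "Resource": "*"}})

if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        print(name, audit_connector_policy(doc))
```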
Grant access to a third party (optional)
Note
The ARN and External Name fields are for granting access to a third party. For more information, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
After you configure the AWS settings, you can create the AWS Scan Target Collector connector and Smart Group in the BeyondInsight console.
Note
When creating, editing, or viewing the connector, the Cloud Scan Targets grid only shows results immediately after a test is completed. The targets are not automatically loaded into the BeyondInsight UI each time the connector is viewed or edited.