Discover and view AWS resources

After you create AWS accounts, you run Discovery to discover AWS accounts and associated resources.

Before you begin

Role required: aws_admin or cloud_admin

Amazon Web Services account credentials.

The account used for the AWS discovery scan needs the ReadOnlyAccess permissions policy applied to it.

About this task

The discovery of Amazon Web Services cloud is based on account information rather than an IP range. MID Servers are not used in this type of discovery. An AWS web service account is a master account that has many subscriptions, where each subscription is a set of login credentials. Each subscription has views into the resources available in the master account to that subscription. To discover the entire web service account, you must have the credentials for each subscription.
A Discovery schedule can discover one or more Amazon web service accounts. To perform host-based discovery of the virtual hosts contained within an AWS Virtual Private Cloud (VPC):
  • A MID server must be installed and configured on a node within the VPC.
  • Each VPC that is discovered must have a separate Discovery schedule for the IP addresses in the VPC.

Procedure

  1. Navigate to the account to discover, using either Amazon AWS Cloud > Accounts or AWS Discovery > Accounts.
  2. Select the account to discover and click the Create Discovery Schedule related link.
  3. On the Discovery Schedule page, click the Discover now related link.
    The system performs the Discovery process and lists the results in the Discovery Status list. Discovered resources are listed on the Account page, grouped by type on separate tabs.