AWS Instance Discovery
Secret Server can now scan for instance resources in AWS. You can add this ability in the scanner settings section or through the wizard.
- Create an AWS discovery source. See Enabling AWS Discovery.
- Navigate to Admin > Discovery.
- Click the Create Discovery Source dropdown list and select AWS (Amazon Web Services). The AWS Discovery Source wizard Overview page appears.
- Click the Next button. The Discovery Source Name page appears.
- Type the name of the AWS discovery source in the Discovery Source Name text box.
- Click the Next button. The Site page appears.
- Click the Add Site list box to select the site.
- Click the Next button. The AWS Service Account Scanner page appears.
- Click the check boxes for the scanners you desire.
- Click the Next button.
- Click to select the Scan AWS Instances check box.
- Type the regions you wish to scan for instances. The regions must be listed in a comma-delimited list for instances to be discovered.
  See Regions, Availability Zones, and Local Zones for more information on AWS regions.
- Click to select the check boxes for the scanners you desire:
  - AWS Windows Machine Scanner: This is a machine scanner that scans each region and pulls all of the AWS Windows OS VM instances.
  - AWS Machine (Non-Windows) Scanner: This is a machine scanner that scans each region and pulls all of the AWS Non-Windows OS VM instances.
- Click the Next button. The Credential Secrets page appears.
- Click the Add Secret link. The Select a Secret popup appears.
- Navigate the folder tree and select the secret you created earlier. As soon as you select the check box, the popup disappears and the secret appears under the Add Secret link.
- Click the Finish button.
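
Because instances are discovered only in the regions typed into the comma-delimited list, a region left out of that list is a blind spot for both machine scanners. The following is an added example, not part of Secret Server or its documentation: it normalizes a region list and compares it with an inventory to show which regions holding Windows or non-Windows instances would go unscanned. The function names, the region-code pattern, and the sample inventory (shaped like parsed `aws ec2 describe-instances --output json` results per region) are assumptions made for illustration.

```python
import re

# Approximate shape of an AWS region code, e.g. "us-east-1" or "us-gov-west-1".
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")

def parse_region_list(text):
    """Split a comma-delimited region string.

    Returns (regions, rejected): regions is de-duplicated in input order,
    rejected holds entries that do not look like region codes.
    """
    regions, rejected = [], []
    for item in (part.strip().lower() for part in text.split(",")):
        if not item:
            continue  # empty entry from a doubled or trailing comma
        if not REGION_RE.match(item):
            rejected.append(item)
        elif item not in regions:
            regions.append(item)
    return regions, rejected

def coverage_gaps(region_text, inventory):
    """Return regions that hold instances but are absent from the scan list.

    inventory maps region -> parsed describe-instances output. Instances
    whose Platform is "windows" are counted for the Windows scanner, all
    others for the non-Windows scanner.
    """
    regions, _ = parse_region_list(region_text)
    gaps = {}
    for region, doc in inventory.items():
        if region in regions:
            continue
        counts = {"windows": 0, "non_windows": 0}
        for reservation in doc.get("Reservations", []):
            for inst in reservation.get("Instances", []):
                is_win = inst.get("Platform", "").lower() == "windows"
                counts["windows" if is_win else "non_windows"] += 1
        if counts["windows"] or counts["non_windows"]:
            gaps[region] = counts
    return gaps

# Constructed sample data, not output from a real account.
SAMPLE_INVENTORY = {
    "us-east-1": {"Reservations": [{"Instances": [{"Platform": "windows"}]}]},
    "eu-west-1": {"Reservations": [{"Instances": [{}, {"Platform": "windows"}]}]},
    "ap-south-1": {"Reservations": []},
}

if __name__ == "__main__":
    print(",".join(parse_region_list("us-east-1, us-west-2,,US-EAST-1")[0]))
    print(coverage_gaps("us-east-1,us-west-2", SAMPLE_INVENTORY))
```
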